Re: CVS commit: src

To: Reinoud Zandijk <reinoud%NetBSD.org@localhost>
Subject: Re: CVS commit: src
From: jean-Yves Migeon <jym%NetBSD.org@localhost>
Date: Wed, 21 Dec 2011 19:55:45 +0100

On Wed, 21 Dec 2011 16:47:49 +0100, Reinoud Zandijk wrote:

The patch is written to allow for multiple non-UVM flags to beattached tomappings and allow the kernel to react on them. NetBSD/usermode usesthis todisallow system calls to be made from within mapped regions and getthemreturned as illegal instructions so it can analyse and emulate thesystemcalls. To prevent every process to be scrutinized this way a processflag hasbeen introduced to mark if a process needs this check since thedetection
involve acuiring a lock to walk the uvm map.

Why make this a memory-level property, and not a process-levelproperty? If you want to proxy syscalls between host and usermodekernel, why make it exclusive to certain mem regions? I am probablymissing something with the way usermode processes, usermode kernel hostkernel interact.

On the enhancing security argument, malicious source code couldtriggercompiler bugs that allow for code to be modified or otherwisemanipulated toissue system calls where they shouldn't. Although it wouldn'tnessiarily pose
a system security issue, it could be used for extracting info or for
malicious behaviour where with the patch it would simply bomb out.

That's the part I have trouble with. It looks like a weaker form of W^X(or PaX's mprotect), and I can't see the "additional" security benefits.

Malicious code is free to trigger compiler bugs that can make calls tovalid memory areas. If you manage to plant a "int 0x80" in aMMAP_NOSYSCALLS executable region, just make it to a "call __syscall".At the expense of a few more arguments, you will get the same result.

As for the panic in sys_mmap(), as pointed out by Joerg and DavidYoung, yes,
that should return a EOPNOTSUPP or an EINVAL. Panicing is indeed far
too crude
and i'll change that.

Hope this answers most of your questions.


Waiting for mines :)

--
Jean-Yves Migeon
jym%NetBSD.org@localhost

Follow-Ups:
- Re: CVS commit: src or a tale on NetBSD/usermode
  - From: Reinoud Zandijk

References:
- Re: CVS commit: src
  - From: Joerg Sonnenberger
- Re: CVS commit: src
  - From: Simon Burge
- Re: CVS commit: src
  - From: Reinoud Zandijk

Prev by Date: Re: CVS commit: src
Next by Date: Re: CVS commit: src or a tale on NetBSD/usermode
Previous by Thread: Re: CVS commit: src
Next by Thread: Re: CVS commit: src or a tale on NetBSD/usermode
Indexes:

Home | Main Index | Thread Index | Old Index