checking the calling eip of a system call

From: jnf
Date: Tue Jan 06 2004 - 20:18:19 EST

Next message: Guldo K: "Re: speedtouch for 2.6.0"
Previous message: Alex Buell: "/proc/slabinfo reports excessive size-64 objects"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

A friend of mine wrote some kernel code that without getting too much into
how exactly the code works, checks the calling eip of a system call and
just verifies that its not coming from 'bad' areas, bad areas being
defined as the stack/heap/data/bss, While I realize this hardly fixes a
possible buffer overflow (this wouldnt affect a return into libc type
exploit for instance). He recently asked me to take a look at it and give
him my opinion to see if he should further development in it. So really my
question is, assuming the impletemention of it is good- what problems
could this present to the kernel itself? It seems like a decent basic
sanity check - but there is nothing like it (AFAIK) in the kernel already.
So as I said, what problems could this present, other than breaking self
modifying code and the likes?

thanks,
jnf
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Guldo K: "Re: speedtouch for 2.6.0"
Previous message: Alex Buell: "/proc/slabinfo reports excessive size-64 objects"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]