Re: mprotect abuse in slim
From: Valdis . Kletnieks
Date: Tue Jan 09 2007 - 14:29:14 EST
On Mon, 08 Jan 2007 17:38:25 EST, Mimi Zohar said:
> revoked. Based on previous comments on lkml, we understand
> that this is not really possible in general, so SLIM only
> attempts to revoke access in certain simple cases.
Which, unfortunately, creates incredibly brittle code when some attacker
reads the SLIM source code and finds a way to force the non-simple case
you ignore.
This is an area where you really need to do it *right*, or not at all.
Attachment:
pgp00000.pgp
Description: PGP signature