Re: mprotect abuse in slim

From: Valdis . Kletnieks
Date: Tue Jan 09 2007 - 14:29:14 EST

Next message: Alexey Dobriyan: "[PATCH] cpia.c: buffer overflow"
Previous message: Randy Dunlap: "Re: [PATCH -MM] e1000: rewrite hardware initialization code"
In reply to: Mimi Zohar: "Re: mprotect abuse in slim"
Next in thread: Mimi Zohar: "Re: mprotect abuse in slim"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 08 Jan 2007 17:38:25 EST, Mimi Zohar said:

> revoked. Based on previous comments on lkml, we understand
> that this is not really possible in general, so SLIM only
> attempts to revoke access in certain simple cases.

Which, unfortunately, creates incredibly brittle code when some attacker
reads the SLIM source code and finds a way to force the non-simple case
you ignore.

This is an area where you really need to do it *right*, or not at all.

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Alexey Dobriyan: "[PATCH] cpia.c: buffer overflow"
Previous message: Randy Dunlap: "Re: [PATCH -MM] e1000: rewrite hardware initialization code"
In reply to: Mimi Zohar: "Re: mprotect abuse in slim"
Next in thread: Mimi Zohar: "Re: mprotect abuse in slim"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]