Re: mprotect abuse in slim

From: Mimi Zohar
Date: Tue Jan 09 2007 - 16:46:11 EST

Next message: Auke Kok: "Re: SATA/IDE Dual Mode w/Intel 945 Chipset or HOW TO LIQUIFY a flashIDE chip under 2.6.18"
Previous message: Andrew Morton: "Re: .version keeps being updated"
In reply to: Valdis . Kletnieks: "Re: mprotect abuse in slim"
Next in thread: Pavel Machek: "Re: mprotect abuse in slim"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Valdis.Kletnieks@xxxxxx wrote on 01/09/2007 02:27:19 PM:

>Which, unfortunately, creates incredibly brittle code when some attacker
>reads the SLIM source code and finds a way to force the non-simple case
>you ignore.
>
>This is an area where you really need to do it *right*, or not at all.

For the non-simple case, it isn't that we 'ignore' the revocation,
but we prevent the cause for demotion to occur. The current status is
that for those cases we can revoke, we demote the process and do the
revocation, and for those cases which we can't revoke, we prevent the
process from being demoted.

Mimi Zohar
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Auke Kok: "Re: SATA/IDE Dual Mode w/Intel 945 Chipset or HOW TO LIQUIFY a flashIDE chip under 2.6.18"
Previous message: Andrew Morton: "Re: .version keeps being updated"
In reply to: Valdis . Kletnieks: "Re: mprotect abuse in slim"
Next in thread: Pavel Machek: "Re: mprotect abuse in slim"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]