Greetings, much respected FreeBSD Hackers! :)

I am developing a kernel module that implements a custom syscall and needs to know from what exact userland address the call was made.
Being concerned about choosing the most correct approach, I turned to this list for help.
Please provide as much information as you can.

For those interested I will explain the purpose.

I've been thinking of some way to give Apache children a limited ability to setuid() as a solution for both suexec and the infamous PHP-as-a-module issue.
The solution I am about to implement is based on a custom setuid syscall that would allow a limited list of processes to obtain root privileges from a limited set of locations (supposedly, the trusted ones, originating in the httpd's .text section).
The modified Apache child would issue such a syscall, get root privileges and then immediately setusercontext() for the request it is about to process.
The list of processes and locations would be maintained by the Apache parent, which runs with root privileges already; child processes would not be allowed to modify the list.
The key point here is the ability to trust a call being made from a specific location. I assume that a process cannot change its .text section once loaded, so this scheme would not be abused by overwriting the location with malicious code. Am I correct here? What do you think of this scheme overall?

Thank you.

--
Deomid Ryabkov aka Rojer
[EMAIL PROTECTED]
[EMAIL PROTECTED]
ICQ: 8025844
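
A userland model of the allowlist decision described in the message above, added as an illustration and not code from the original post. All names (`site_register`, `site_check`, `site_revoke`) and the sample pid and addresses are hypothetical; `site_revoke` is an added precaution against pid reuse that the post does not mention.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

#define MAX_SITES 64   /* assumed table size; a real module keeps this in kernel memory */

struct trusted_site {
    pid_t     pid;     /* child process allowed to elevate */
    uintptr_t addr;    /* exact userland address the call must come from */
    bool      in_use;
};
static struct trusted_site sites[MAX_SITES];

/* Default-deny lookup performed inside the custom syscall. */
bool site_check(pid_t pid, uintptr_t call_addr) {
    for (size_t i = 0; i < MAX_SITES; i++)
        if (sites[i].in_use && sites[i].pid == pid && sites[i].addr == call_addr)
            return true;
    return false;
}

/* Only a root caller (the Apache parent in the post) may add entries. */
int site_register(uid_t caller_uid, pid_t pid, uintptr_t addr) {
    if (caller_uid != 0) return -1;            /* children cannot modify the list */
    if (site_check(pid, addr)) return 0;       /* already present */
    for (size_t i = 0; i < MAX_SITES; i++)
        if (!sites[i].in_use) {
            sites[i] = (struct trusted_site){ pid, addr, true };
            return 0;
        }
    return -2;                                 /* table full: fail closed */
}

/* Drop all entries for a pid when the parent reaps that child, so a
 * recycled pid does not inherit the privilege. Returns entries removed. */
int site_revoke(uid_t caller_uid, pid_t pid) {
    if (caller_uid != 0) return -1;
    int removed = 0;
    for (size_t i = 0; i < MAX_SITES; i++)
        if (sites[i].in_use && sites[i].pid == pid) { sites[i].in_use = false; removed++; }
    return removed;
}

int main(void) {
    /* Constructed sample values: pid 4242, call site 0x401000. */
    site_register(0, 4242, 0x401000);
    printf("trusted site: %d\n", site_check(4242, 0x401000));
    printf("other address: %d\n", site_check(4242, 0x401004));
    return 0;
}
```
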
