On Thu, 2007-06-21 at 19:46 +0200, Alexander Wuerstlein wrote: > On 070621 19:33, Arjan van de Ven <[EMAIL PROTECTED]> wrote: > > On Thu, 2007-06-21 at 19:25 +0200, Alexander Wuerstlein wrote: > > > On 070621 19:21, Arjan van de Ven <[EMAIL PROTECTED]> wrote: > > > > On Thu, 2007-06-21 at 18:02 +0200, Alexander Wuerstlein wrote: > > > > > Modified task_struct to hold a 'signed flag' which is set on exec(), > > > > > inherited > > > > > on fork() and checked during exec before giving the new process > > > > > suid/sgid > > > > > privileges. > > > > > > > > > > > > > > > > > > > > > do you also check the signature of glibc and every other shared library > > > > that the app uses (or dlopens)? if not.. the entire exercise is rather > > > > pointless... > > > > > > We do check that, that is patch [3/4]. > > > > > > Of course we can only check mmap-ed files, if there is no file like with > > > JIT > > > compilers we are out of luck. > > > > or if the process uses read() not mmap(). > > If a process uses read() it needs some executable and writable memory. We do > check for this in mprotect(). There is a problem with the i386-architecture, > because it allows execution of any readable page (except with newer > processors). But beyond that ugliness of i386, it should not be possible to > execute anything without us noticing it (hopefully).
welcome to mprotect() where the app can just change the permissions -- if you want to mail me at work (you don't), use arjan (at) linux.intel.com Test the interaction between Linux and your BIOS via http://www.linuxfirmwarekit.org - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
