* Ingo Molnar <[EMAIL PROTECTED]> wrote:
> http://pax.grsecurity.net/docs/pax-future.txt
>
> To understand the future direction of PaX, let's summarize what we
> achieve currently. The goal is to prevent/detect exploiting of
> software bugs that allow arbitrary read/write access to the attacked
> process. Exploiting such bugs gives the attacker three different
> levels of access into the life of the attacked process:
>
> (1) introduce/execute arbitrary code
> (2) execute existing code out of original program order
> (3) execute existing code in original program order with arbitrary
> data
>
> Non-executable pages (NOEXEC) and mmap/mprotect restrictions
> (MPROTECT) prevent (1) with one exception: if the attacker is able to
> create/write to a file on the target system then mmap() it into the
> attacked process then he will have effectively introduced and
> executed arbitrary code.
> [...]
>
> the blanket statement in this last paragraph is simply wrong, as it
> omits to mention a number of other ways in which "code" can be
> injected.
i'd like to correct this sentence of mine because it's unfair: your
categories are consistent if you define 'code' as 'machine code', and
it's clear from your documents that you mean 'machine code' under code.
(My other criticism remains.)
Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
