linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Valdis.Kletnieks@vt.edu
To: Pavel Machek <pavel@ucw.cz>
Cc: Kees Cook <kees.cook@canonical.com>, linux-kernel@vger.kernel.org
Subject: Re: [Security] proactive defense: using read-only memory
Date: Wed, 17 Nov 2010 19:12:27 -0500	[thread overview]
Message-ID: <32620.1290039147@localhost> (raw)
In-Reply-To: Your message of "Wed, 17 Nov 2010 11:00:54 +0100." <20101117100053.GA1574@ucw.cz>

[-- Attachment #1: Type: text/plain, Size: 502 bytes --]

On Wed, 17 Nov 2010 11:00:54 +0100, Pavel Machek said:

> > - Entry points to set_kernel_text_rw() and similar need to be blockable.
> >   Having these symbols available make kernel memory modification trivial;
> 
> What prevents attacker to just inlining those functions in the
> exploit?

Quite often, you are limited on how many bytes of exploit code you can inject.
If you have to do the whole thing in (say) 139 bytes, having to inlinine even
one function may make the exploit impossible to run.


[-- Attachment #2: Type: application/pgp-signature, Size: 227 bytes --]

      parent reply	other threads:[~2010-11-18  0:12 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-11-07 19:35 [Security] proactive defense: using read-only memory Kees Cook
2010-11-08  6:13 ` [Security] proactive defense: using read-only memory, RO/NX modules Ingo Molnar
2010-11-08 10:03   ` Alan Cox
2010-11-08 21:42   ` Kees Cook
2010-11-10  9:04     ` Ingo Molnar
2010-11-11  6:56       ` Kees Cook
2010-11-11  9:07         ` Ingo Molnar
2010-11-13 19:59       ` matthieu castet
2010-11-14  9:56         ` Ingo Molnar
2010-11-17 10:00 ` [Security] proactive defense: using read-only memory Pavel Machek
2010-11-17 22:14   ` Kees Cook
2011-01-02  9:09     ` Pavel Machek
2010-11-18  0:12   ` Valdis.Kletnieks [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=32620.1290039147@localhost \
    --to=valdis.kletnieks@vt.edu \
    --cc=kees.cook@canonical.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pavel@ucw.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).