On-line judgment kernel module
dgilbert at dclg.ca
Fri Oct 17 07:15:22 PDT 2003
>>>>> "Samy" == Samy Al Bahra <samy at kerneled.com> writes:
Samy> On Thu, 16 Oct 2003 18:28:15 -0400 David Gilbert
Samy> <dgilbert at dclg.ca> wrote:
>> As you conjecture, a syscall-less or syscall-restricted environment
>> *should* be safe ... if your syscall changes are bulletproof
>> *_and_* the rest of the runtime environment is bulletproof.
Samy> Good system call policies are a WONDERFUL feature at a system
Samy> administrator's hands. There is no such thing as a syscall-less
Samy> environment but only a restricted (either at the same layer as
Samy> the system calls or above in terms of code path).
Still... it would seem to me to be safer to use a complete emulation
environment than risk getting everything else right.
>> Isn't a syscall required to finish off exit()?
Samy> Yes, consult kern_exit.c How is this related to the discussion
Samy> though? The fact is, most people would not even want to TOUCH
Samy> sys_exit and friends since there are no real security advantages
Samy> there. In otherwords, an exit system call remains completely the
Ah, well ... I was understanding that origional email wanted a
syscall-less environment and was just further arguing the point.
|David Gilbert, Independent Contractor. | Two things can only be |
|Mail: dave at daveg.ca | equal if and only if they |
|http://daveg.ca | are precisely opposite. |
More information about the freebsd-hackers