Hi people,
I'm doing a new feature for linux kernel 2.6 to protect against all kinds of buffer
overflow. It works with new sys_control() system call controling if a process can or can't
call a system call ie. sys_execve();
You can do it using /bin/sys_control <pid> <enable or not system call> <eax of system
call> <secret number>
for process that never call for example sys_execve(), setuid() ( you must need specify
each eax for each system call) and use some functions in sys_control.h like lock_execve(n)
and unlock_execve(n), where n is a secret number defined in sysctl. With this functions
you will use system calls only when you need.
All shellcodes that use system calls like sys_execve() sys_setuid() will not work with
this feature.
I think it can be an option in linux kernel.
Questions .. suggestions.
Thanks
Breno at kalangolinux.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |