On Thu, 22 Sep 2005 19:44:33 -0000, [email protected] said:

> I'm doing a new feature for linux kernel 2.6 to protect against all kinds of buffer
> overflow. It works with new sys_control() system call controlling if a process can or can't
> call a system call, i.e. sys_execve();

This has been done before. ;)

Also, note *VERY* carefully that this does *NOT* protect against buffer overflow the way ExecShield and PAX and similar do - this merely tries to mitigate the damage.

Note that you probably don't *DARE* remove open()/read()/write()/close() from the "permitted syscall" list - and an attacker can have plenty of fun just with those 4 syscalls. (That's also why SELinux was designed to give better granularity to syscalls - it can restrict a program to "write only to files it *should* be able to write").