Andi Kleen wrote:
On Tuesday 22 August 2006 16:25, Adrian Bunk wrote:
On Tue, Aug 22, 2006 at 03:50:57PM +0200, Andi Kleen wrote:
this would need a "const after boot" section; which is really not hard
to make and probably useful for a lot more things.... todo++
except for anything that needs tlb entries in user space. And it only gives you
false sense of security. --todo
What's the alternative?
The alternative is to not protect it, since protecting it doesn't
offer any significant additional security over not protecting it.
Didn't someone point out yet that if you are vulnerable to someone
loading a kernel module of their choosing, you lose, plain and simple?
You don't need paravirt-ops to implement a rootkit, and it doesn't make
it any easier, and write protecting it is totally useless. How do you
think VMware runs on Linux? It takes over the hardware entirely, loads
a hypervisor, and starts running in a completely different world. And
it doesn't even need to use a single _GPL'd export to do that.
Write protection is great as a debug option to find accidental memory
corruptions. It is useless as a technique to prevent subversion. Um
hello, you're already at CPL-0. Just rewrite the page tables already.
Change it from a struct to a compile time choice?
One of the design goals of paravirt-ops was to allow single binaries
that run on both native hardware and on hypervisors. So that would
be a non starter.
Strongly agree.
Zach
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]