
Re: Security in MiNT



Hullo there!

Thierry wrote:

>There are some security holes which will be difficult to plug. For
>instance, any user process can call Super(0L) to switch the
>microprocessor into supervisor mode, raise the IPL mask to seven, and
>enter a tight loop (or even nastier). Nice, isn't it?
>
>Of course, you could think of making Super() and Supexec() usable only
>by root, but since the MiNTlibs need one of these functions to scan the
>cookie jar (and test for the presence of MiNT), it's not realistic.

What about making new system calls to store and retrieve cookies?

At the moment, any process that wants to install a cookie in the jar
must either write the cookie into the memory area belonging to another
process, or remove the reference to that process's memory area and
make a new area that's larger than the old (which is itself slightly
wasteful, as it leaves old cookie jars lying around in memory!).

If the cookie jar was administered by the kernel, I feel things would
be cleaner, and it would be a step towards making MiNT more secure,
too.

If the jar was still maintained at the current address, existing
programs would still be able to manipulate it, but later on Supexec()
could be made root-only, and security tightened up.

What do you think?

--
Charles Briscoe-Smith
2nd Year student of Computer Science
University of Kent at Canterbury, United Kingdom, European Union.
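As an added example (not code from this thread or from MiNT itself), here is a C sketch of the kernel-administered jar Charles proposes: it keeps the TOS layout of 8-byte tag/value entries with a tag-0 terminator carrying the slot count, but only the kernel holds the jar pointer, so a process installs a cookie through a call instead of writing into another process's memory, and growing the jar frees the old area rather than leaving it lying around. The function names are hypothetical and the tags and values used to exercise it are constructed samples.

```c
#include <stdint.h>
#include <stdlib.h>
/* Jar entry as laid out on Atari TOS: 32-bit four-character tag, 32-bit value.
 * The jar ends with a tag-0 entry whose value field is the number of slots. */
typedef struct { uint32_t tag; uint32_t value; } cookie_t;
#define COOKIE_TAG(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
/* Private to this hypothetical kernel module: user processes reach the jar only
 * through cookie_set()/cookie_get(), never by writing another process's memory. */
static cookie_t *jar = NULL;

/* Create an empty jar with `slots` usable entries. Returns 0 on success. */
int jar_init(uint32_t slots) {
    free(jar);
    jar = calloc(slots + 1, sizeof *jar);   /* +1 for the terminator entry */
    if (!jar) return -1;
    jar[0].value = slots;                   /* tag is already 0 from calloc */
    return 0;
}
/* Slot count recorded in the terminator entry (0 if no jar exists). */
uint32_t jar_slots(void) {
    const cookie_t *c = jar;
    if (!c) return 0;
    while (c->tag != 0) c++;
    return c->value;
}
/* Install or update a cookie. When the jar is full the kernel grows it
 * itself, releasing the old area instead of leaving it orphaned. */
int cookie_set(uint32_t tag, uint32_t value) {
    if (!jar || tag == 0) return -1;        /* tag 0 is reserved for the terminator */
    cookie_t *c = jar;
    while (c->tag != 0 && c->tag != tag) c++;
    if (c->tag == tag) { c->value = value; return 0; }   /* existing cookie: update */
    uint32_t slots = c->value, used = (uint32_t)(c - jar);
    if (used == slots) {                                 /* full: grow the jar */
        uint32_t grown = 2 * slots + 1;
        cookie_t *bigger = realloc(jar, (grown + 1) * sizeof *jar);
        if (!bigger) return -1;
        jar = bigger; c = jar + used; slots = grown;
    }
    c[0].tag = tag; c[0].value = value;
    c[1].tag = 0;   c[1].value = slots;                  /* move the terminator */
    return 0;
}

/* Look a cookie up: returns 1 and stores its value, or 0 if absent. */
int cookie_get(uint32_t tag, uint32_t *value) {
    for (const cookie_t *c = jar; c && c->tag != 0; c++)
        if (c->tag == tag) { *value = c->value; return 1; }
    return 0;
}
```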