[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Supexec/Super patch?



> > >what do you think, it is a reasonable idea to patch these functions to be
> > >root only and release a beta kernel to test with existing software?
> > 
> > Very Bad Idea. This will break any program accessing the cookie jar, meaning 
> > everything linked with the MiNT lib.
> > 
> > Face it: you can't make it more secure without breaking almost everything.
> 
> I agree. The only way avoiding super/supexec is to add shadows for some
> system variables in user accessable mem. (could be global accessable read only
> memory) And add a flag in the prg header to control super/supexec behaivour.

Shadowing would need PMMU programming, right? Or a patch for BUSERR
handler to emulate vital system variables in user address space...?

Konrad M.Kokoszkiewicz

mail:draco@nidus.mi.com.pl
     draco@irc.pl
     draco@piwo.bl.pg.gda.pl
     conradus@avanti.orient.uw.edu.pl
     conradus@plearn.edu.pl
     draco@nuova.id.uw.edu.pl
http://www.orient.uw.edu.pl/~conradus/
 IRC:[Draco]

*** Ea natura multitudinis est,
*** aut servit humiliter, aut superbe dominatur.
*************************************************
*** U pospolstwa normalne jest, ze albo sluzy ono
*** unizenie, albo bezczelnie sie panoszy.
                                           (Liv. XXIV, 25)