Re: Security stuff

> GEM writes to memory on request from the caller (intout, ptsout, addrout).
> The address of this memory is user defined, and GEM does not check it in

Ooops!
That's a much worse problem than the vector and userdef routines being
called in supervisor mode. I'd guess most programs would probably work well
even if those were changed to run in user mode.

> any way.  Thus you can use GEM to write to arbitrary memory regions.  The
> only way to make this safe is to disallow GEM altogether.

It certainly seems like it would be nearly impossible to patch normal GEM
to deal with this, but for the newer ones there shouldn't really be much
of a problem, I think.

Apart from the actual calling of the OS, which must of course still be
possible via TRAPs, there is no reason to stay in supervisor mode, AFAICS.
There might be a need for a couple of accesses to protected memory, but most
of the work, including reading and writing of parameters, could well be done
from user mode, couldn't it? If it is, normal memory protection will take
care of any attempts at tampering.

-- 
  Chalmers University   | Why are these |  e-mail:   rand@cd.chalmers.se
     of Technology      |  .signatures  |            johan@rand.thn.htu.se
                        | so hard to do |  WWW/ftp:  rand.thn.htu.se
   Gothenburg, Sweden   |     well?     |            (MGIFv5, QLem, BAD MOOD)
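As an added example (not code from this thread, nor from GEM itself): the kind of range check a supervisor-mode service would have to apply to the caller-supplied intout/ptsout/addrout pointers before writing through them, which is what the memory protection discussed above would otherwise do for free in user mode. The region_t record of each caller's memory, the per-call output counts and the 64-word sample buffer are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed: a record of the memory a caller is allowed to own.
 * The thread's point is that GEM keeps no such record. */
typedef struct { uintptr_t base; size_t len; } region_t;

/* Assumed model of the AES parameter block, output arrays only. */
typedef struct {
    int16_t *intout;   /* integer results written by GEM  */
    int16_t *ptsout;   /* point results written by GEM    */
    void   **addrout;  /* address results written by GEM  */
} aes_pb_t;

/* True if [ptr, ptr+len) lies entirely inside the caller's region.
 * Written without p+len so a wrapping pointer cannot pass. */
static bool in_region(const region_t *r, const void *ptr, size_t len) {
    uintptr_t p = (uintptr_t)ptr;
    if (len == 0) return true;
    if (p < r->base || len > r->len) return false;
    return p - r->base <= r->len - len;
}

/* Check all three output arrays before any supervisor-mode write.
 * The counts are whatever the particular AES call will write. */
bool aes_outputs_ok(const region_t *caller, const aes_pb_t *pb,
                    size_t n_int, size_t n_pts, size_t n_addr) {
    return in_region(caller, pb->intout,  n_int  * sizeof(int16_t))
        && in_region(caller, pb->ptsout,  n_pts  * sizeof(int16_t))
        && in_region(caller, pb->addrout, n_addr * sizeof(void *));
}

/* Constructed sample: a 64-word buffer stands in for the caller's memory.
 * intout is placed intout_off words from its start (may be negative or
 * past the end) and n_int words are to be written there; ptsout and
 * addrout sit at fixed, valid offsets. Returns the verdict. */
static int16_t caller_buf[64];

bool check_sample(long intout_off, size_t n_int) {
    region_t caller = { (uintptr_t)caller_buf, sizeof caller_buf };
    uintptr_t p = (uintptr_t)caller_buf
                + (uintptr_t)intout_off * sizeof(int16_t);
    aes_pb_t pb = { (int16_t *)p, caller_buf + 16,
                    (void **)(caller_buf + 32) };
    return aes_outputs_ok(&caller, &pb, n_int, 8, 2);
}
```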