On Friday 14 February 2003 06:37 pm, Mark J Roberts wrote:
> bdonlan:
> > I don't understand. Anyway, why not fork() and restrict the child?
>
> That is hardly easy or efficient.
>
> My point is that I've got this notion of being able to use some
> capability only by calling a predefined function (ie, the one I
> posted that accepts user input from the terminal), but I don't know
> how to translate that into a generic kernel facility.

The function could be overwritten.

> The kernel is concerned with ensuring that the state of the program
> is acceptable before allowing a capability to be used. For instance,
> that the predefined function was called normally, instead of jumping
> into it halfway with a malicious stack.

How can it determine that? The typical state of the stack varies widely. Have the functions been using alloca? Is it in a signal handler? Was this part compiled with gcc? This part with icc? All of these can alter the structure of the stack.
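As an added illustration of the "fork() and restrict the child" option raised in the quoted exchange (example code written for this page, not code from either poster or from the Freenet project): the restriction is expressed as kernel-enforced per-process state, here resource limits set with setrlimit(), rather than as a check on how the function was reached, so it holds regardless of what the child's stack looks like. The example assumes a Linux or other POSIX system on which /dev/null exists and fork() is permitted; the function and enum names are the example's own.

```c
/* Added example (not from the thread): the "fork() and restrict the child"
 * option, with the restriction expressed as kernel-enforced process state
 * (resource limits) rather than as a check on the shape of the call stack.
 * Assumes a Linux/POSIX system where /dev/null exists. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* What a probe reports about the kernel's decision. */
enum { PROBE_OPEN_DENIED = 0, PROBE_OPEN_ALLOWED = 1, PROBE_UNEXPECTED = 2 };

/* Restrictions applied in the child before it handles untrusted input.
 * These are per-process kernel attributes: they cannot be undone by
 * corrupting the child's stack, and lowering them needs no privilege. */
static int restrict_child(void)
{
    /* No new file descriptors: open(), socket(), pipe() now fail with EMFILE.
     * Descriptors inherited from the parent keep working. */
    struct rlimit no_new_fds = { .rlim_cur = 0, .rlim_max = 0 };
    if (setrlimit(RLIMIT_NOFILE, &no_new_fds) != 0)
        return -1;
    /* No further processes: fork() in an unprivileged child fails with EAGAIN. */
    struct rlimit no_children = { .rlim_cur = 0, .rlim_max = 0 };
    if (setrlimit(RLIMIT_NPROC, &no_children) != 0)
        return -1;
    return 0;
}

/* Run `job` in a forked, restricted child and return the child's exit code
 * (0..255); -1 if the child could not be created or reaped. */
static int run_restricted(int (*job)(const char *), const char *arg)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (restrict_child() != 0)
            _exit(255);            /* refuse to run the job unrestricted */
        _exit(job(arg) & 0xff);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);    /* 255 means restrict_child() failed */
}

/* The job: ask the kernel to open a file and report its answer. */
static int open_probe(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd >= 0) {
        close(fd);
        return PROBE_OPEN_ALLOWED;
    }
    return errno == EMFILE ? PROBE_OPEN_DENIED : PROBE_UNEXPECTED;
}

int main(void)
{
    const char *path = "/dev/null";
    /* The parent keeps its capability to open files ... */
    printf("parent open(%s): %s\n", path,
           open_probe(path) == PROBE_OPEN_ALLOWED ? "allowed" : "denied");
    /* ... while the same code, run in the restricted child, is refused. */
    int r = run_restricted(open_probe, path);
    printf("restricted child open(%s): %s\n", path,
           r == PROBE_OPEN_DENIED ? "denied (EMFILE)" : "not denied");
    return r == PROBE_OPEN_DENIED ? 0 : 1;
}
```

The point of the split is that the parent never has to reason about the child's stack: whatever the child does to its own memory, the limits are attributes of the process that the kernel consults on every system call, and the only things the child can do to them is lower them further. The cost Mark objects to is real (a fork and a wait per restricted operation, plus pipes if the result has to come back), which is the trade-off between this approach and a generic "was this function entered normally" facility.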
