On 29 May 2012 15:42, Stas Sergeev wrote:
> 29.05.2012 07:01, Bart Oldeman wrote:
>>
>> machine in DOS days. And if you have an older computer, just use a 32
>> bit kernel and set mmap_min_addr to 0 and things still work (with a
>> security risk -- unplug the network if you're paranoid).
>
> What do you think about the MMAP_PAGE_ZERO personality
> instead?

It looks blocked (try setarch -Z dosemu.bin), otherwise it would be too
easy to bypass :)

Just getting dosemu to have access to the zero page wouldn't make sense
for untrusted users because then you could just have a DPMI program
exploiting a kernel bug. Perhaps it would be possible to allow trusted
users access but we already have a mechanism for that (sudo with
dosemu -s).

Allowing page zero mmaps while protecting the kernel can technically be done
http://www.mail-archive.com/fedora-devel-list@redhat.com/msg10435.html
but I'm not sure if it would get ugly (IRQ handlers would need to
protect the zero page on every entry and unprotect on exit, if
necessary).

Bart
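A host-side check for the setting this message discusses, added here as an example (it is not code from the thread or from dosemu): it reads `vm.mmap_min_addr`, reports whether the process holds `CAP_SYS_RAWIO` and has the `MMAP_PAGE_ZERO` personality bit set, and probes whether a `PROT_NONE` page can actually be mapped at address 0. The function names are assumptions made for this example, and an LSM such as SELinux can deny the mapping even when the sysctl and capability check would allow it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/personality.h>
#include <unistd.h>

#define CAP_SYS_RAWIO_BIT 17 /* CAP_SYS_RAWIO in <linux/capability.h> */

/* vm.mmap_min_addr, or -1 if it cannot be read. */
long read_mmap_min_addr(void) {
    long v = -1;
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (!f) return -1;
    if (fscanf(f, "%ld", &v) != 1) v = -1;
    fclose(f);
    return v;
}
/* 1 if CAP_SYS_RAWIO is in the effective set, 0 if not, -1 on error. */
int has_cap_sys_rawio(void) {
    char line[256];
    unsigned long long eff = 0;
    int r = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (r < 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", &eff) == 1) r = (int)((eff >> CAP_SYS_RAWIO_BIT) & 1);
    fclose(f);
    return r;
}
/* The capability check: page zero is mappable when the limit is 0 or the caller holds CAP_SYS_RAWIO. */
int policy_allows_page_zero(long min_addr, int rawio) {
    return min_addr == 0 || rawio == 1;
}
/* Probe: 0 if a PROT_NONE page could be mapped at address 0, else errno. */
int try_map_page_zero(void) {
    long pg = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)pg, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) return errno;
    munmap(p, (size_t)pg);
    return 0;
}
int main(void) {
    long min = read_mmap_min_addr();
    int raw = has_cap_sys_rawio(), err = try_map_page_zero();
    printf("mmap_min_addr=%ld CAP_SYS_RAWIO=%d MMAP_PAGE_ZERO=%d policy=%d probe_errno=%d\n",
           min, raw, (personality(0xffffffff) & MMAP_PAGE_ZERO) != 0,
           policy_allows_page_zero(min, raw), err);
    return 0;
}
```

Running it once directly and once under `setarch -Z` shows whether the personality flag changes the probe result on a given host.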