30.05.2012 05:33, Bart Oldeman wrote:
>> What do you think about the MMAP_PAGE_ZERO personality
>> instead?
> It looks blocked (try setarch -Z dosemu.bin), otherwise it would be
> too easy to bypass :)

Hmm? Works perfectly for me, but doesn't do the trick
unless mmap_min_addr is set to zero or you are root...
And root is allowed to bypass mmap_min_addr even without
setarch, so nothing new. Sigh.

> program exploiting a kernel bug. Perhaps it would be possible to allow
> trusted users access but we already have a mechanism for that (sudo
> with dosemu -s).

Just wondering, are you sure it really works?
Root can bypass mmap_min_addr, yes, but dosemu -s
drops root soon, so are you sure everything will work
in the dosemu -s case? I guess you'd need some prctl to
allow changing the mmap addr only for the calling process,
and since there is none, I wonder how that works
right now. But if it does - great.

> Allowing page zero mmaps while protecting the kernel can technically be done
> http://www.mail-archive.com/fedora-devel-list@redhat.com/msg10435.html
> but I'm not sure if it would get ugly (IRQ handlers would need to
> protect the zero page on every entry and unprotect on exit, if
> necessary).

I certainly think the kernel has to deal with its bugs
on its own, without offloading its headaches into
userspace...
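
The check this message turns on, as an added example that is not part of the original e-mail or of dosemu: a small probe that reports vm.mmap_min_addr, whether the process holds CAP_SYS_RAWIO (the capability the kernel tests for mappings below that limit), and whether a fixed mapping at address 0 is actually granted. The function names are hypothetical, and the capability bit number is taken from `<linux/capability.h>`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define CAP_SYS_RAWIO_BIT 17 /* CAP_SYS_RAWIO in <linux/capability.h> */

/* Returns vm.mmap_min_addr, or -1 if the sysctl cannot be read. */
long read_mmap_min_addr(void) {
    long v = -1;
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (!f) return -1;
    if (fscanf(f, "%ld", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Returns 1 if CapEff in /proc/self/status includes CAP_SYS_RAWIO.
 * Inside a user namespace the bit can be set and the mapping still be
 * refused, so treat 1 as "may be allowed", not as a guarantee. */
int has_cap_sys_rawio(void) {
    char line[256];
    unsigned long long eff = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", &eff) == 1) break;
    fclose(f);
    return (int)((eff >> CAP_SYS_RAWIO_BIT) & 1);
}

/* Tries a one-page anonymous MAP_FIXED mapping at addr.
 * Returns 0 if granted (and unmaps it again), otherwise errno. */
int try_fixed_map(unsigned long addr) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)addr, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) return errno;
    munmap(p, page);
    return 0;
}

int main(void) {
    int err = try_fixed_map(0);
    printf("vm.mmap_min_addr=%ld CAP_SYS_RAWIO=%d\n",
           read_mmap_min_addr(), has_cap_sys_rawio());
    printf("map at 0: %s\n", err ? strerror(err) : "allowed");
    return 0;
}
```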