On Monday 10 October 2005 09:36, Jeff Dike wrote: > I think the worst case is skas3 with no stack randomization, where that > page will point somewhere into the process stack. There is some slight > possibility that something could store a password on its stack, and have > that end up in the area that the host ps looks for arguments. This would > make the password visible on the host for the time that this process in > context.
I'm not so worried about sensitive info because in the parent kernel you can just attach to the process from a debugger (although not necessarily as a different, normal user). I'm actually slightly more concerned about high ascii garbage or who knows what showing up and making ps look really weird. > With stack randomization, the UML process stacks will be located > elsewhere almost all the time, so with skas3, there is a smaller > chance that there will be a visible password there. > > With skas0, that page is the stub signal stack, which contains no sensitive > information. Is there any way to move the stub signal stack on skas0 by one page so that we can still have ps on the parent system look right? I don't know how hard that is. (Is there a design document for -skas0 anywhere? I found the /dev/anon page...) Rob ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ User-mode-linux-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
