[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IOKit KEXT Questions

Subject: Re: IOKit KEXT Questions
From: Ernesto Corvi <email@hidden>
Date: Thu, 16 Aug 2007 12:29:58 -0400
Delivered-to: email@hidden
Delivered-to: email@hidden

On Aug 15, 2007, at 7:24 PM, Terry Lambert wrote:

We hide system calls so someone unscrupulous does not overwrite their entry points with jump instructions to their own code, perhaps thinking that we do not change locking or other implementations details in software updates.

If you need to trap and/or prevent this type of operation for legitimate reasons, use kauth instead.

How is that going to prevent any unscrupulous people from hooking into the kernel? I'm baffled.

An unscrupulous person most likely doesn't care at all if his code runs with the next software update. By the time the next software update comes around, he already did his key-logging, ran his daemons and potentially completely compromised the system.

Do we *really* need to send a feature request to harden the security on the kernel and provide a truly authorized KPI for legitimate patches?

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-dev/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: IOKit KEXT Questions
  - From: Terry Lambert <email@hidden>
- Re: IOKit KEXT Questions
  - From: Amanda Walker <email@hidden>

References:
	>IOKit KEXT Questions (From: Matt Burnett <email@hidden>)
	>Re: IOKit KEXT Questions (From: Terry Lambert <email@hidden>)

Prev by Date: Re: Rereading A Partition Table
Next by Date: Re: IOKit KEXT Questions
Previous by thread: Re: IOKit KEXT Questions
Next by thread: Re: IOKit KEXT Questions
Index(es):
- Date
- Thread

Home