Re: Passing pointers as UIDs | kernel<->userspace communication
- Subject: Re: Passing pointers as UIDs | kernel<->userspace communication
- From: Jean Suisse <email@hidden>
- Date: Wed, 19 Sep 2012 09:33:13 +0200
On 18 sept. 2012, at 23:50, comex wrote:
> On Tue, Sep 18, 2012 at 5:48 PM, comex <email@hidden> wrote:
>> On Tue, Sep 18, 2012 at 5:22 PM, Jean Suisse <email@hidden> wrote:
>> That's not sufficient: for an attacker to even know the value of the
>> heap pointer compromises KASLR
>
> Er, and that's assuming that "only the kernel can write to the
> structure" means that only kernel-originated requests can modify or
> delete the structure. If user requests are allowed to modify it, as
> you said in your original message, it's pretty much an immediate game
> over.
Yes, sorry about that. I wanted to make it short. The modifications the app can request are behavior modifications from the kext towards a particular data structure.
But that doesn't matter. You and John CRISWELL have convinced me. And adding new security holes is unacceptable.
I will change the design and probably use a system of slots + combined handle/UID to track data structures. The only drawback will be for automatic removal of old data structures. But that should not happen so frequently.
Many thanks to both of you for your advice.
Jean
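
A sketch of the "slots + combined handle/UID" idea mentioned in the message above, as an added example that is not code from the thread. The handle layout (16-bit generation, 16-bit slot index), the table size and all function names are assumptions made for illustration; user space only ever sees the handle, never a kernel address.

```c
/* Slot table with opaque handles (layout assumed for this example):
 * high 16 bits = generation, low 16 bits = index. Real kexts need a lock. */
#include <stddef.h>
#include <stdint.h>
#define SLOT_COUNT     64u
#define INVALID_HANDLE 0u

struct slot {
    void    *obj;        /* kernel pointer, never copied to user space */
    uint16_t generation; /* bumped on release so stale handles fail */
};
static struct slot slots[SLOT_COUNT];

/* Store obj in a free slot; return its handle or INVALID_HANDLE. */
uint32_t handle_alloc(void *obj)
{
    if (obj == NULL)
        return INVALID_HANDLE;
    for (uint16_t i = 0; i < SLOT_COUNT; i++) {
        if (slots[i].obj != NULL)
            continue;
        if (slots[i].generation == 0)   /* generation 0 is never issued */
            slots[i].generation = 1;
        slots[i].obj = obj;
        return ((uint32_t)slots[i].generation << 16) | i;
    }
    return INVALID_HANDLE;
}

/* Validate an untrusted handle; return the object or NULL. */
void *handle_lookup(uint32_t h)
{
    uint16_t idx = (uint16_t)(h & 0xffffu);
    uint16_t gen = (uint16_t)(h >> 16);
    if (idx >= SLOT_COUNT || slots[idx].obj == NULL)
        return NULL;
    return slots[idx].generation == gen ? slots[idx].obj : NULL;
}

/* Free the slot; return 0, or -1 for a bad or stale handle. */
int handle_release(uint32_t h)
{
    if (handle_lookup(h) == NULL)
        return -1;
    struct slot *s = &slots[h & 0xffffu];
    s->obj = NULL;
    if (++s->generation == 0)           /* skip 0 on wrap-around */
        s->generation = 1;
    return 0;
}
```

Because the generation changes each time a slot is released, a handle kept by an application after its structure was removed no longer resolves, even when the slot has been reused.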