Re: Passing pointers as UIDs | kernel<->userspace communication
On 18 sept. 2012, at 23:50, comex wrote:
On Tue, Sep 18, 2012 at 5:48 PM, comex <comexk@gmail.com> wrote:
On Tue, Sep 18, 2012 at 5:22 PM, Jean Suisse <jean.lists@gmail.com> wrote:
That's not sufficient: for an attacker to even know the value of the heap pointer compromises KASLR.
Er, and that's assuming that "only the kernel can write to the structure" means that only kernel-originated requests can modify or delete the structure. If user requests are allowed to modify it, as you said in your original message, it's pretty much an immediate game over.
Yes, sorry about that. I wanted to make it short. The modifications the app can request are behavior modifications from the kext towards a particular data structure. But that doesn't matter. You and John CRISWELL have convinced me. And adding new security holes is unacceptable. I will change the design and probably use a system of slots + combined handle/UID to track data structures. The only drawback will be for automatic old data structures removal. But that should not happen so frequently. Many thanks to both of you for your advice.
Jean
_______________________________________________
Darwin-kernel mailing list (Darwin-kernel@lists.apple.com)
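The "slots + combined handle/UID" design Jean settles on, worked through as an added example that is not code from the thread or from Jean's kext. A handle is a slot index packed with a per-allocation generation counter, so userspace never sees a kernel address (no KASLR leak) and a forged, stale or out-of-range handle fails validation instead of being dereferenced. The table size, the object fields, the PID-based ownership check and the 32/32 handle layout are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the kext's code. Sizes and fields are assumptions. */
#define SLOT_COUNT 8
#define HANDLE_INVALID 0ULL

struct tracked_object {
    uint32_t owner_pid;       /* hypothetical: which process may touch this object */
    uint32_t behavior_flags;  /* hypothetical: the "behavior modification" state */
};

struct slot {
    uint32_t generation;      /* fresh value per allocation; 0 never appears in a live handle */
    bool in_use;
    struct tracked_object obj;  /* stored inline: no heap pointer ever leaves the table */
};

static struct slot table[SLOT_COUNT];
static uint32_t next_generation = 1;

/* Handle layout (assumed): high 32 bits = generation, low 32 bits = slot index. */
static inline uint64_t make_handle(uint32_t idx, uint32_t gen) { return ((uint64_t)gen << 32) | idx; }
static inline uint32_t handle_index(uint64_t h) { return (uint32_t)(h & 0xffffffffu); }
static inline uint32_t handle_generation(uint64_t h) { return (uint32_t)(h >> 32); }

/* Allocate a slot and return an opaque handle, or HANDLE_INVALID if the table is full. */
uint64_t slot_alloc(uint32_t owner_pid) {
    for (uint32_t i = 0; i < SLOT_COUNT; i++) {
        if (table[i].in_use) continue;
        uint32_t gen = next_generation++;
        if (next_generation == 0) next_generation = 1;  /* skip 0 on wrap-around */
        table[i].in_use = true;
        table[i].generation = gen;
        table[i].obj.owner_pid = owner_pid;
        table[i].obj.behavior_flags = 0;
        return make_handle(i, gen);
    }
    return HANDLE_INVALID;
}

/* Validate a user-supplied handle. NULL for an out-of-range index, a free slot,
   a stale generation (object already released), or a caller that does not own it.
   The untrusted 64-bit value is only ever used as an index after a bounds check. */
struct tracked_object *slot_lookup(uint64_t handle, uint32_t caller_pid) {
    uint32_t idx = handle_index(handle);
    uint32_t gen = handle_generation(handle);
    if (idx >= SLOT_COUNT || gen == 0) return NULL;
    struct slot *s = &table[idx];
    if (!s->in_use || s->generation != gen) return NULL;
    if (s->obj.owner_pid != caller_pid) return NULL;
    return &s->obj;
}

/* The one modification userspace may request: change the object's behavior flags. */
bool slot_set_behavior(uint64_t handle, uint32_t caller_pid, uint32_t flags) {
    struct tracked_object *o = slot_lookup(handle, caller_pid);
    if (o == NULL) return false;
    o->behavior_flags = flags;
    return true;
}

/* Release a slot. The next slot_alloc assigns a new generation, so every handle
   issued for the old occupant stops validating even though the index is reused. */
bool slot_release(uint64_t handle, uint32_t caller_pid) {
    struct tracked_object *o = slot_lookup(handle, caller_pid);
    if (o == NULL) return false;
    struct slot *s = &table[handle_index(handle)];
    s->in_use = false;
    memset(&s->obj, 0, sizeof s->obj);
    return true;
}

int main(void) {
    uint64_t h = slot_alloc(1000);
    printf("handle 0x%016llx (index %u, generation %u) carries no address bits\n",
           (unsigned long long)h, handle_index(h), handle_generation(h));
    printf("set behavior by owner:     %s\n", slot_set_behavior(h, 1000, 0x5) ? "ok" : "rejected");
    printf("set behavior by other pid: %s\n", slot_set_behavior(h, 1001, 0x5) ? "ok" : "rejected");
    slot_release(h, 1000);
    uint64_t h2 = slot_alloc(1000);  /* same index, new generation */
    printf("stale handle after reuse:  %s\n", slot_lookup(h, 1000) ? "ACCEPTED" : "rejected");
    printf("forged handle (index %d):  %s\n", SLOT_COUNT,
           slot_lookup(make_handle(SLOT_COUNT, 1), 1000) ? "ACCEPTED" : "rejected");
    slot_release(h2, 1000);
    return 0;
}
```

The generation counter is what makes Jean's "automatic old data structure removal" safe: the kext can reap a slot on its own, and a client that still holds the old handle gets a clean failure rather than a reference to whatever now occupies that slot. In a real kext the table would be guarded by a lock and the owner check would come from the calling task's credentials rather than a caller-supplied PID.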