Please educate a curious cat
Posted Aug 16, 2007 13:27 UTC (Thu) by kleptog
In reply to: Please educate a curious cat
Parent article: Exploiting races in system call wrappers
I think the point is that the system call wrapping was supposed to be cheap and quick, hence the wanting to avoid copying the data twice. The wrapper gets the data exactly the same way as the system call.
What you suggest (copying data then checking) is I think pretty much what the LSM do. Rather than just wrapping the system call, it gets called *after* the kernel has copied it to kernel space. This it's safer, but not as easy to write...
to post comments)