Correct - the approaches work fine when race conditions are eliminated
Posted Aug 16, 2007 14:35 UTC (Thu) by dwheeler
In reply to: Please educate a curious cat
Parent article: Exploiting races in system call wrappers
Correct; the attacks ONLY work if the design permits race conditions. The notion that user-space data will stay unchanged during a kernel call is untrue in practically all of today's OSs, and this attack worked in the 1960s and 1970s too (it's well-documented). The solutions are well-documented, too: eliminate the race condition. The "easy" way is to copy all data into the kernel, and then use that protected version. The trick is to get good performance as well.
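The "copy all data into the kernel, then use the protected copy" fix that the comment describes, as an added C example that is not from the article or the commenter. The `struct request`, `MAX_LEN`, and the simulated racer are constructed stand-ins for a real kernel's argument block and `copy_from_user()` path; the wrappers return the length they commit to acting on so the two behaviours can be compared.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical syscall argument block that lives in user memory (constructed for this example). */
#define MAX_LEN 64
struct request { uint32_t len; uint8_t payload[MAX_LEN]; };

/* Stands in for a concurrent user thread that rewrites the argument after it has been checked. */
typedef void (*racer_fn)(struct request *user_req);
static void racer_enlarge(struct request *r) { r->len = 100; }   /* 100 > MAX_LEN */

/* Racy wrapper: validates the struct where it sits in user memory, then reads it again at use time. */
int racy_wrapper(struct request *user_req, racer_fn racer) {
    if (user_req->len > MAX_LEN) return -1;   /* check: reads user memory */
    if (racer) racer(user_req);               /* TOCTOU window: user memory changes under us */
    return (int)user_req->len;                /* use: re-reads user memory, commits to an unchecked value */
}

/* Fixed wrapper: copy the whole argument into kernel-owned storage first, then validate and use
 * only that private copy; later changes to user memory cannot influence the decision. */
int safe_wrapper(struct request *user_req, racer_fn racer) {
    struct request kreq;
    memcpy(&kreq, user_req, sizeof kreq);     /* stands in for copy_from_user() */
    if (kreq.len > MAX_LEN) return -1;        /* check: private copy */
    if (racer) racer(user_req);               /* same race attempt, now harmless */
    return (int)kreq.len;                     /* use: private copy, the value that was checked */
}

/* Scenario helpers: each returns the length the wrapper acted on (-1 = rejected). */
int run_racy_with_race(void) { struct request r = { .len = 16 }; return racy_wrapper(&r, racer_enlarge); }
int run_safe_with_race(void) { struct request r = { .len = 16 }; return safe_wrapper(&r, racer_enlarge); }
int run_racy_bad_input(void) { struct request r = { .len = 100 }; return racy_wrapper(&r, NULL); }
int run_safe_bad_input(void) { struct request r = { .len = 100 }; return safe_wrapper(&r, NULL); }
```

Both wrappers reject a bad value presented up front; only the copying wrapper still acts on the validated length when user memory changes inside the window.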