| |||||||||||||
Linux 3.0?Linux 3.0?Posted Sep 4, 2008 11:48 UTC (Thu) by cde (guest, #46554)Parent article: Linux 3.0?
One cool feature I'd like to see for Linux 3.0 is the return of the 4G/4G user/kernel split. Of course, there is a performance hit on the TLB (up to 30% iirc on a P4). The nice thing about a full split is, you protect from a whole range of attacks that involve executing user-space code in the context of the kernel.
A good example is the vmsplice exploit which is quite complicated but basically lead to ring0 code execution because lower pages could be manipulated by user space (using MMAP_FIXED), and those were mapped into the kernel as well.
Now I understand not everyone would want this feature, but it'd be a plus for security-minded sysadmins. In addition, it'd be nice if Linux could move to a more micro-kernel like design. There's an additional performance hit but once again you improve security (although IPC introduces a new class of potential flaws).
(Log in to post comments)
Linux 3.0? Posted Sep 4, 2008 15:16 UTC (Thu) by jengelh (subscriber, #33263) [Link]
32-bit x86 will most likely be on the decline and hence a 4/4 split getting less and less attention as people use 64 bit machines.
Linux 3.0? Posted Sep 10, 2008 23:15 UTC (Wed) by PaXTeam (subscriber, #24616) [Link]
if you're playing with i386 features then you're a whole lot better off by using UDEREF in PaX. it's got no performance impact basically and properly separates userland/kernel address spaces.
|
|||||||||||||