|| ||Alan Cox <alan-AT-lxorguk.ukuu.org.uk>|
|| ||Andi Kleen <andi-AT-firstfloor.org>|
|| ||Re: [patch] Add basic sanity checks to the syscall execution patch|
|| ||Thu, 4 Sep 2008 13:34:19 +0100|
|| ||Arjan van de Ven <arjan-AT-infradead.org>,
linux-kernel-AT-vger.kernel.org, mingo-AT-elte.hu, tglx-AT-tglx.de,
hpa-AT-zytor.org, Benjamin Herrenschmidt <benh-AT-kernel.crashing.org>|
On Thu, 04 Sep 2008 14:01:46 +0200
Andi Kleen <firstname.lastname@example.org> wrote:
> Arjan van de Ven <email@example.com> writes:
> > Add basic sanity checks to the syscall execution patch
> This just means that the root kits will switch to patch
> the first instruction of the entry points instead.
> So the protection will be zero to minimal, but the overhead will
> be there forever.
Agreed entirely. This is a waste of time and a game not worth playing.
The only place you can expect to make a difference here is in virtualised
environments by teaching KVM how to provide 'irrevocably read only' pages
to guests where the guest OS isn't permitted to change the rights back or
the virtual mapping of that page.
to post comments)