User: Password:
|
|
Subscribe / Log in / New account

Virtual Machines and Memory Protections

Virtual Machines and Memory Protections

Posted Nov 22, 2006 11:45 UTC (Wed) by nix (subscriber, #2304)
In reply to: Virtual Machines and Memory Protections by skissane
Parent article: Virtual Machines and Memory Protections

Something like mmalias() seems more useful: hand it a memory area and it creates an alias to it in a new VMA (and thus at a new virtual address) and hands it back to you. Then you can mprotect() it howsoever you wish.

Of course subverted code can now call this as well, but that's in general true of *any* means of allowing dynamically-generated code. If your code can do it as part of its normal operation, there's no way to statically tell if it's been subverted into doing it.


(Log in to post comments)

Virtual Machines and Memory Protections

Posted Nov 22, 2006 11:45 UTC (Wed) by nix (subscriber, #2304) [Link]

(mmalias() doesn't exist, I just made it up. Still it seems possible.)

Virtual Machines and Memory Protections

Posted Nov 22, 2006 19:18 UTC (Wed) by bluefoxicy (guest, #25366) [Link]

> Of course subverted code can now call this as well, but that's in general true of *any* means of allowing dynamically-generated code. If your code can do it as part of its normal operation, there's no way to statically tell if it's been subverted into doing it.

Exactly the point. Comment posted at http://lwn.net/Articles/210804/ goes into great detail about protecting against these attacks; but it all boils down to what you just said: If you can dynamically generate code, so can an attacker hijacking you.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds