[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux-security] Malicious Linux modules (fwd)



On Sun, 12 Oct 1997, Shlomi Fish wrote:

> At 05:04 PM 10/9/97 +0200, Ira Abramov wrote:

> Well, judging by this code portion, the easiest way to eliminate the
> possiblity of such abusive behaviour is to modify the kernel so it will not
> use sys_call_table at all. I.e: when the kernel receives a signal it is
> forwarded to the corresponding handler by using a switch() statement,
> rather than an array of pointers to function. That way, it will be
> impossible to alter the handlers, at least with such ease.
> 
> I'm not an expert at the Linux kernel architecture, so don't flame me if
> this idea cannot be implemented for some reason.

I'm no expert either, but I suspect that this feature was put in the Linux
kernel for a reason, most probably other modules use it too (grep the
source tree?).


-------------------------------------------------------------------------
Ira Abramov <ira(a)scso.com>  (mail ira-pgp(a)scso.com for the PGP key)