Re: Potenitial security hole in the kernel

Kurt Roeckx (Q@ping.be)
Tue, 29 May 2001 01:15:22 +0200


On Tue, May 29, 2001 at 12:30:03AM +0200, Vadim Lebedev wrote:
> Kurt,
>
> Maybe i'm missing something but it seems that during execution of the signal
> handler, user mode stack contains kernel mode context...
> Hence the security hole

It's rather complicated how things work.

Both the user and kernel stack are changed.

On the user stack we add a frame from the calling function. This
just looks a function call.

On the kernel stack we change the last frame so we "return" to
the signal handler from the kernel.

The signal handler then "returns" to the place where the process
did the system call. You do not return to the kernel.

I hope this helps you understand things better.

Kurt

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/