Re: Warn users about machines with non-working WP bit

Pavel Machek (pavel@ucw.cz)
Thu, 4 Apr 2002 00:27:22 +0200


Hi!

> > This might be good idea, as those machines are not safe for multiuser
> > systems.
> >
> > --- clean.2.5/arch/i386/mm/init.c Sun Mar 10 20:06:31 2002
> > +++ linux/arch/i386/mm/init.c Mon Mar 11 21:49:14 2002
> > @@ -383,7 +383,7 @@
> > local_flush_tlb();
> >
> > if (!boot_cpu_data.wp_works_ok) {
> > - printk("No.\n");
> > + printk("No (that's security hole).\n");
> > #ifdef CONFIG_X86_WP_WORKS_OK
> > panic("This kernel doesn't support CPU's with broken WP. Recompile it for a 386!");
> > #endif
> >
> > Pavel
>
> The "bug" is really the lack of a feature present on 486+ cpus. A 386
> will allow the kernel to write to a write-protected user page (but not a
> write-protected kernel page). In user mode, write protect works as it
> should. The kernel works around this by doing extra checks when writing
> to user pages (check the *_user() functions). It is not a security

It is, because those checks are racy when clone() is in use. Linus
stated that few times.
Pavel

-- 
Casualities in World Trade Center: ~3k dead inside the building,
cryptography in U.S.A. and free speech in Czech Republic.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/