
Re: Supexec/Super patch?



>>>>> "Sven" == Sven Karlsson <sven@it.lth.se> writes:

>> Very Bad Idea. This will break any program accessing the cookie jar, meaning 
>> everything linked with the MiNT lib.
>> 
>> Face it: you can't make it more secure without breaking almost everything.

> I agree. The only way of avoiding super/supexec is to add shadows for some
> system variables in user accessible mem. (could be globally accessible read only
> memory)

How do you update the shadows? I think a more common way to solve such
problems is to encapsulate the problematic variables, i.e. to
introduce accessor functions to get and/or set them. These functions
can switch to supervisor mode as they like, but switch back to user
mode before returning to the caller. This also provides some
abstraction, so that the internal representation or access method can
be changed without the need to change every program using it.

Hartmut


+-------------------------+-----------------------------------------------+
|  Hartmut Keller         |  Internet: keller@informatik.uni-stuttgart.de | 
|  Inst. fuer Informatik  +-----------------------------------------------+
|  Breitwiesenstr. 20-22  |  "If there's only one reason to live in this  |
|  70565 Stuttgart        |   world, I'll find it!"      (All About Eve)  |
+-------------------------+-----------------------------------------------+
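
The accessor-function approach described in the message above, as an added example that is not part of the original post or of the MiNT sources. The privilege switch is simulated with a flag so the code runs on any host; `get_cookie`, `raw_jar`, `cpu_mode` and the jar contents are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simulated CPU privilege state (hypothetical model, not MiNT code). */
enum mode { USER_MODE, SUPERVISOR_MODE };
static enum mode cpu_mode = USER_MODE;

struct cookie { uint32_t id; uint32_t value; };

/* Constructed sample jar standing in for the protected variable; id 0 ends it. */
static const struct cookie protected_jar[] = {
    { 0x5F435055u /* "_CPU" */, 30 },
    { 0x4D694E54u /* "MiNT" */, 0x0110 },
    { 0, 8 },
};

/* Raw access: refused (NULL here, a fault on real hardware) in user mode. */
static const struct cookie *raw_jar(void)
{
    return cpu_mode == SUPERVISOR_MODE ? protected_jar : NULL;
}

/* Accessor: raises privilege only for the lookup and restores the caller's
   mode on every exit path. Returns 0 on success, -1 if the cookie is
   absent or the arguments are invalid. */
int get_cookie(uint32_t id, uint32_t *out)
{
    int rc = -1;
    if (out == NULL || id == 0)
        return rc;                  /* reject before raising privilege */
    enum mode saved = cpu_mode;
    cpu_mode = SUPERVISOR_MODE;     /* enter privileged section */
    for (const struct cookie *c = raw_jar(); c && c->id != 0; c++) {
        if (c->id == id) { *out = c->value; rc = 0; break; }
    }
    cpu_mode = saved;               /* always drop back before returning */
    return rc;
}

int current_mode(void) { return (int)cpu_mode; }
int user_can_read_raw(void) { return raw_jar() != NULL; }

int main(void)
{
    uint32_t v = 0;
    int rc = get_cookie(0x4D694E54u, &v);
    printf("rc=%d value=0x%x mode=%d\n", rc, (unsigned)v, current_mode());
    return 0;
}
```

Callers see only `get_cookie`, so the jar's layout or location can change without touching them, and no caller ever holds supervisor mode itself.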