Re: Why two stacks per process? | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
On Fri, 2008-04-25 at 00:54 +0800, Peter Teoh wrote: > this violate the first principle mentioned above.....the current CPU > may be processing in kernel mode, but another CPU may be processing in > userspace mode, same process, and as all the userspace memory are > visible to him, he can view the kernel's data. yes! and vice versa - this other thread can also write to the shared stack - changing this hypothetical shared user/kernel stack while the kernel is using it on a different thread certainly has very direct security implications... T kernel code userspace code -- -------------------------------------- ----------------------- 1 int access_check; 2 3 access_check = security_check(foobar); 4 access_check = 1; 5 if (access_check != 0) 6 do_something_scary(); I think its pretty clear that you can't share the userspace stack effectively. As for having 1 in kernel space for every userspace stack, instead of some kind of sharing there certainly seem to be advantages to 1:1 but it isn't the only approach. -Patrick -- www.ducksong.com -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
[Newbies FAQ] [Kernel List] [Site Home] [IETF Annouce] [Git] [Networking] [Security] [Bugtraq] [Rubini] [Photo] [Yosemite] [MIPS Linux] [ARM Linux] [Linux Security] [Linux Networking] [Linux RAID] [Linux SCSI] [Linux ACPI] [DDR & Rambus] [UNIX Filesystems] [Linux Resources]
|
|