[Ksummit-discuss] security-related TODO items?

Josh Triplett josh at joshtriplett.org
Sat Jan 21 01:47:02 UTC 2017


On Fri, Jan 20, 2017 at 04:14:25PM -0800, Andy Lutomirski wrote:
> This is not easy at all, but: how about rewriting execve() so that the
> actual binary format parsers run in user mode?

I really like that idea.  And not just the binary format parsers;
everything except the "do what would happen on exec" transition within
the kernel (the bits documented in execve(2) as changing/resetting on
execve, other than those bits trivially doable in userspace).

(One potential challenge: this still has to handle setuid binaries
safely.)

I can think of other syscalls where a userspace implementation would
make sense, as well, if it can run with reasonable performance.  For
instance, imagine moving compatibility syscalls, x32 syscalls, or
deprecated syscalls into userspace, such that if a process found a way
to compromise that layer, it couldn't compromise any other process.

- Josh Triplett