Ldt & Privileges
|
Hi, I need some help with something related to modify_ldt system call which was added to Linux. I would greatly appreciate your help. I am experimenting with a new protection mechanism. I want to push a user process to privilege level 2 in Linux( by adding a system call) . If I do this, at the second level of protection checks in the CPU (ie. at the paging level), the user process would map to supervisor privileges.This is because x86 maps 0,1,2 to supervisor and 3 to user privilges at the paging level(that is what I understood from the manual. Please correct me if I am wrong). Will the process (at PL 2) be able to write to kernel pages since the protection check would go through at the page level? If so, I guess I can prevent it at the segment level by adding a check to modify_ldt code to figure out whether the process is making a pointer to a kernel segment. Is this correct? Anyway, the process wont be actually able to reload LDTR or change the actual LD Table directly without a system call(sys_modify_ldt). Or is there some roundabout way in which a process at privilge level 2 can somehow make an entry in LDT/access the kernel pages? Again, any help would be greatly appreciated. Thanks a lot. |
