Subject: Re: bad effect of keeping page table mapped in user space ?
To: None <tech-kern@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 11/26/2007 23:15:02
> can anyone see a bad side effect or security issue of having a
> process's page table mapped in the process's VM space ?
Well, obviously, they have to be mapped read-only, or it's a security
hole you could fly a jetliner through. You did say this was already
done, if I read correctly. And, almost as obviously, a process has to
have access to only its own mappings.
It seems to me that it exposes to userland information userland
arguably should not have.
For example, it exposes exactly which virtual pages happen to be backed
by real memory at the moment. This leads to the possibility of
exploiting the swapper as a hard-to-detect covert channel. I'm not
sure we should care about this; we're so riddled with covert channels
already I'm not sure one more is worth worrying about. This feels to
me like a problem, but I'm unable to come up, right now, with an
example of exactly why it would be a problem.
It also exposes the physical addresses of devices userland happens to
have mapped (like, potentially, framebuffers). Again, this feels wrong
but I can't come up with a specific example of why.
In short, it bothers me but I have nothing specific to cite.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML email@example.com
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B