Subject: systrace for threaded apps and in a post-stackgap world
To: None <tech-kern@netbsd.org>
From: David Laight <david@l8s.co.uk>
List: tech-kern
Date: 07/13/2007 22:20:33
The systrace code is now the only user of the 'stackgap' (which it uses
when it modifies system call arguments).

As well as being a nasty hack, there are several problems with this:

1) The 'stackgap' is a per process data area, so if it gets used for
   more than one lwp at a time, then the modified arguments overwrite
   each other.

2) A malicious program might use a 2nd lwp to modify the arguments in
   the stackgap area after they have been 'sanitised' by the systrace
   code.

One solution would be to allow the controlling process to map some
memory into the target process's address space in such a way that
the process itself cannot access it (or at least cannot write it),
but so that the kernel can use it for copyin/out.
(Possibly it could be mapped directly into the controlling process's
address space.)

On some ports (e.g. i386) I think this can be done by just marking the
page(s) as 'system' rather than 'user'.

Thoughts?

	David

-- 
David Laight: david@l8s.co.uk
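The race in point 2 above, reduced to a user-space model (added illustration, not code from systrace or NetBSD): the "stackgap" is a buffer every thread of the target can write, a hypothetical `racer_fn` stands in for the second lwp that runs between the sanitise step and the kernel's use of the arguments, and the hardened variant copies the arguments once into memory the target cannot reach before checking them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed syscall argument block; the field names are hypothetical. */
struct args { int fd; size_t len; };

/* Model of the per-process stackgap: shared, writable by every lwp. */
static struct args stackgap;

/* Hook modelling a second lwp scheduled between sanitise and use. */
typedef void (*racer_fn)(struct args *);

/* The "sanitise" step systrace would apply to the arguments. */
static bool sanitise(const struct args *a) {
    return a->fd >= 0 && a->len <= 4096;
}

/* Vulnerable pattern: check the shared copy, then re-read the shared copy.
 * Returns -1 if rejected, 0 if used as sanitised, 1 if the check was
 * bypassed because the arguments changed after sanitising. */
static int use_from_stackgap(struct args in, racer_fn racer) {
    stackgap = in;
    if (!sanitise(&stackgap)) return -1;
    if (racer) racer(&stackgap);          /* second lwp rewrites the args */
    return stackgap.len > 4096 ? 1 : 0;   /* kernel re-fetches from stackgap */
}

/* Hardened pattern: copy once into memory only the kernel side owns, then
 * sanitise and use that private copy; the racer never reaches it. */
static int use_from_private_copy(struct args in, racer_fn racer) {
    struct args priv;
    stackgap = in;
    memcpy(&priv, &stackgap, sizeof priv); /* single fetch */
    if (!sanitise(&priv)) return -1;
    if (racer) racer(&stackgap);          /* modifies the stale shared copy */
    return priv.len > 4096 ? 1 : 0;
}

/* The racing lwp: enlarges the length after the check has passed. */
static void grow_len(struct args *a) { a->len = 1u << 20; }

int main(void) {
    struct args a = { 3, 100 };
    printf("stackgap: %d (1 = check bypassed)\n", use_from_stackgap(a, grow_len));
    printf("private : %d\n", use_from_private_copy(a, grow_len));
    return 0;
}
```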