> I'm pretty sure this isn't about changing cs or far jumps He's assuming that code can only run on two code segments and not arbitarily switch between them which is a completely incorrect assumption. > I think Indan means code is running with 64-bit cs, but the kernel > treats int $0x80 as a 32-bit syscall and sysenter as a 64-bit syscall, > and there's no way for the ptracer to know which syscall the kernel > will perform, even by looking at all registers. It looks like a hole > in ptrace which could be fixed. Possibly, but anything that bases its security on ptrace is typically unfixable racy (just think what happens with multiple threads and syscall arguments), so it's unlikely to do any good. -Andi -- ak@xxxxxxxxxxxxxxx -- Speaking for myself only. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
