kernel rakshakudu wrote:
>
> Hi,
>
> I am doing my thesis on secure patches to the Linux kernel.
>
> In Linux (on i386) the data segment and code segment overlap. This is
> evident from the entries of the GDT in the head.s file.
>
> Since the data segment and code segment overlap, attackers can overflow
> a buffer and run malicious code. Thus buffer overflow attacks are
> successful.
>
> I wonder why they (the kernel authors) made the segments overlap in
> Linux on i386, but in the case of other architectures they do not overlap.
> I am trying to put in non-overlapping data and code segments. I also
> looked into the Openwall Linux patch. Even this patch could not avoid
> overlapping segments.
>
> So let me know the reason for these fully overlapping segments in Linux
> on i386.

Linux is based on a flat memory model, not a segmented memory model. This is true on all architectures, I believe. On x86, the code and data segments are set up at boot time, and their only purpose is to allow the kernel to completely ignore the x86 segmentation scheme thereafter. Any distinction between code and data is enforced at the page level, not at the segment level.

Cheers,

-- Joe

> thank you,
>
> "Conquering Myselves to Conquer The World"
>
> "Securing Kernel to Secure Whole System"

--
"Thanks to Microsoft, I am now blind in both eyes. They have rolled
back in my head so many times this week that they are apparently
stuck there now." - Jonathan Rickman, regarding M$ anti-open-source PR.

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
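Added example, not part of the thread and not kernel code: a decoder for 8-byte i386 segment descriptors that shows what "flat" means in the exchange above. A code and a data descriptor that both start at base 0 and span 4 GiB cover the same linear addresses, so segmentation cannot separate them. The descriptor values are constructed samples (the `SPLIT_*` pair is hypothetical, for contrast), and expand-down data segments are not handled.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample descriptors (assumed values, not copied from head.S). */
#define FLAT_CODE  0x00cf9a000000ffffULL  /* base 0, 4 GiB, ring 0 code */
#define FLAT_DATA  0x00cf92000000ffffULL  /* base 0, 4 GiB, ring 0 data */
#define SPLIT_CODE 0x00c79a000000ffffULL  /* hypothetical: code in low 2 GiB */
#define SPLIT_DATA 0x80c792000000ffffULL  /* hypothetical: data in high 2 GiB */

/* Decoded view of one 8-byte i386 protected-mode segment descriptor. */
struct seg {
    uint32_t base;    /* linear address where the segment starts */
    uint64_t last;    /* highest valid offset within the segment */
    int executable;   /* access-byte bit 3: 1 = code, 0 = data */
    int dpl;          /* descriptor privilege level, 0..3 */
};

struct seg decode_descriptor(uint64_t d)
{
    struct seg s;
    uint32_t limit  = (uint32_t)(d & 0xffff) | ((uint32_t)((d >> 48) & 0xf) << 16);
    uint32_t access = (uint32_t)(d >> 40) & 0xff;

    s.base = (uint32_t)((d >> 16) & 0xffffff) | ((uint32_t)((d >> 56) & 0xff) << 24);
    /* G bit (bit 55) set: the 20-bit limit counts 4 KiB pages, not bytes. */
    s.last = ((d >> 55) & 1) ? (((uint64_t)limit << 12) | 0xfff) : limit;
    s.executable = (access >> 3) & 1;
    s.dpl = (access >> 5) & 3;
    return s;
}

/* Returns 1 if the two segments share at least one linear address. */
int segments_overlap(struct seg a, struct seg b)
{
    uint64_t a_end = (uint64_t)a.base + a.last;
    uint64_t b_end = (uint64_t)b.base + b.last;
    return a.base <= b_end && b.base <= a_end;
}

int main(void)
{
    struct seg c = decode_descriptor(FLAT_CODE), d = decode_descriptor(FLAT_DATA);
    printf("flat code: base=0x%08x last=0x%llx exec=%d\n",
           c.base, (unsigned long long)c.last, c.executable);
    printf("flat data: base=0x%08x last=0x%llx exec=%d\n",
           d.base, (unsigned long long)d.last, d.executable);
    printf("flat pair overlaps: %d\n", segments_overlap(c, d));
    printf("split pair overlaps: %d\n", segments_overlap(
           decode_descriptor(SPLIT_CODE), decode_descriptor(SPLIT_DATA)));
    return 0;
}
```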