Hi Ramagudi
Very interesting. Thank you for that.
What about the "int $80" directive? That one IS embedded in the code
itself.
Is it possible because it is supported on all CPUs?
I guess that is just the developer who thinks it is better to hard-code
that int 80h, or he/she just isn't aware that SYSENTER/SYSCALL are
there. You'll see lots like this if you observe hackers' shellcode
spreading on the Net, right Arjan? ;)
Would you happen to know why static libraries do not use the VDSO?
Maybe because a static lib assumes it can be used in a non-VDSO environment?
Thus, to prevent jumping into a VDSO address that doesn't exist, it
simply uses int 80h... just a guess...
(Maybe they just can't assume they will run under the dynamic linker?
Is the VDSO mapped by the dynamic linker?)
Yes, the VDSO is linked by ld.so. The actual address of the VDSO is passed by
the loader to the executable, thus the jump to the VDSO is determined at
run time, not at link/compile time. This was once permanently placed at a
certain address, but AFAIK Arjan and other security hackers think this
made it easier for crackers to break into the VDSO, thus it was later placed
at a dynamic address.
Does this answer your doubt?
regards,
Mulyadi
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
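
The run-time vDSO address discussed in the message above can be observed from inside a process. The following is an added example, not code from the original thread: it reads the vDSO base from the ELF auxiliary vector entry `AT_SYSINFO_EHDR`, confirms an ELF image is mapped there, and cross-checks the `[vdso]` line of `/proc/self/maps`. It assumes Linux with glibc or musl; the function names are made up for this example.

```c
/* Added example: find the vDSO at run time and cross-check it (Linux). */
#include <stdio.h>
#include <string.h>
#include <elf.h>
#include <sys/auxv.h>

/* vDSO base as delivered in the auxiliary vector; 0 means none provided. */
unsigned long vdso_base_auxv(void)
{
    return getauxval(AT_SYSINFO_EHDR);
}

/* Start address of the "[vdso]" mapping in /proc/self/maps; 0 if absent. */
unsigned long vdso_base_maps(void)
{
    char line[512];
    unsigned long start = 0, found = 0;
    FILE *f = fopen("/proc/self/maps", "r");

    if (!f)
        return 0;
    while (fgets(line, sizeof line, f)) {
        if (strstr(line, "[vdso]") && sscanf(line, "%lx-", &start) == 1) {
            found = start;
            break;
        }
    }
    fclose(f);
    return found;
}

/* 0: no vDSO (code must fall back, e.g. to int 0x80 on i386);
 * 1: auxv entry points at an ELF image and agrees with the maps file;
 * -1: the two sources disagree or the image is not ELF. */
int vdso_check(void)
{
    unsigned long base = vdso_base_auxv();
    unsigned long maps = vdso_base_maps();

    if (base == 0)
        return 0;
    if (memcmp((const void *)base, ELFMAG, SELFMAG) != 0)
        return -1;
    return (maps == 0 || maps == base) ? 1 : -1;
}

int main(void)
{
    printf("auxv: %#lx  maps: %#lx  check: %d\n",
           vdso_base_auxv(), vdso_base_maps(), vdso_check());
    return 0;
}
```

With address space randomization enabled, the printed base normally differs from one run to the next, which is the dynamic placement the message refers to.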