[grsec] KERNEXEC^Vmware?

pageexec at freemail.hu
Thu Jan 12 05:50:53 EST 2006


On 12 Jan 2006 at 1:49, Andrew Griffiths wrote:
> > as for fixing it, you (or vmware, if they cared) would have to add
> > pax_open_kernel/pax_close_kernel calls around all the code that
> > attempts to modify read-only memory. short of source code, one can
> > resort to binary patching, but that'll be a bit of black magic ;-).
> > 
> 
> I believe the vmmon module source code is in
> /usr/lib/vmware/modules/source/vmmon.tar (ymmv) -- not sure how 
> complete it is, or if it uses any .o files (doesn't look like it), but
> from memory this is used when you're building the vmware modules
> yourself. 

wow, thanks for hitting me with the cluestick, i didn't expect
them to follow the strict GPL interpretation and provide
full sources to the kernel bits.

> No direct reference in the source to cpu_gdt_table, but there are
> references to the tss busy bit.

"grep -rn Desc_Set ." is your friend ;-). it seems that
only Desc_SetType is really used in .c and only once, so
that would be easy to fix, but as far as i see, they're
not using linux/config.h for some reason so i don't know
if one can make it depend on CONFIG_PAX_KERNEXEC. and the
next question is if there're other bits that execute in
the guest kernel's context and want to write to read-only
memory, but KERNEXEC will report that one by one i guess ;-).

> As for VMware caring; the guy who does the vmware-any-any updates works
> for vmware last I read up on those updates, and I suspect would be the 
> best person to approach to get this in the official vmware modules.

does he care about supporting patched kernels?
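
The open/close bracketing discussed in this message, as an added user-space model that is not part of the original mail and is not vmmon or PaX code. It assumes the write in question changes the 4-bit type field of a descriptor (where the TSS busy bit lives); `model_open_kernel`, `model_close_kernel`, `desc_set_type` and the descriptor value are constructed stand-ins, with `mprotect` playing the role of pax_open_kernel/pax_close_kernel.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

#define TSS_AVAILABLE 0x9u  /* x86 system-descriptor type: 32-bit TSS, available */
#define TSS_BUSY      0xBu  /* same descriptor with the busy bit (type bit 1) set */

static uint64_t *gdt;       /* constructed one-page stand-in for a read-only GDT */
static size_t gdt_len;

/* User-space stand-ins for pax_open_kernel()/pax_close_kernel(). */
static int model_open_kernel(void)  { return mprotect(gdt, gdt_len, PROT_READ | PROT_WRITE); }
static int model_close_kernel(void) { return mprotect(gdt, gdt_len, PROT_READ); }

static unsigned desc_type(uint64_t d) { return (unsigned)((d >> 40) & 0xF); }

/* Hypothetical helper: rewrite the type field (bits 40..43) inside the bracket. */
static int desc_set_type(size_t idx, unsigned type)
{
    if (model_open_kernel() != 0)
        return -1;
    gdt[idx] = (gdt[idx] & ~(0xFULL << 40)) | ((uint64_t)(type & 0xF) << 40);
    return model_close_kernel();
}

/* Probe without faulting: read(2) into a read-only page fails with EFAULT. */
static int gdt_is_writable(void)
{
    int p[2];
    char zero = 0;
    if (pipe(p) != 0)
        return -1;
    ssize_t r = (write(p[1], &zero, 1) == 1) ? read(p[0], gdt, 1) : -1;
    close(p[0]);
    close(p[1]);
    return r == 1;  /* only overwrites byte 0 of the null descriptor with 0 */
}

static int model_init(void)
{
    gdt_len = (size_t)sysconf(_SC_PAGESIZE);
    gdt = mmap(NULL, gdt_len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (gdt == MAP_FAILED)
        return -1;
    gdt[1] = 0x00008B0000000067ULL;  /* constructed: present, busy TSS, limit 0x67 */
    return model_close_kernel();     /* table is read-only from here on */
}
int main(void) { return (model_init() == 0 && desc_set_type(1, TSS_AVAILABLE) == 0) ? 0 : 1; }
```
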


