[grsec] grsecurity & lguest
Philip Sanderson
philip.k.sanderson at gmail.com
Tue Nov 2 18:24:36 EDT 2010
> > KERNEXEC seems like it would be unsupported; as lguest wants to map
>> > executable code at 0xff[ce]00000 (drivers/lguest/core.c). I know for
>> certain
>> > it does not work if you enable kernel modules :-) It would be nice if it
>> was
>> > supported for the host.
>>
>
I think I'm getting closer to why it's not supported on the guest:
./lguest 64 ../../../diffs/linux-2.6.35.8/vmlinux
lguest: unhandled trap 13 at 0x1001081 (0x10)
1081: ea 88 10 00 00 10 00 ljmp $0x10,$0x1088
So I'm guessing it's not quite compatible with the segment selectors used
when KERNEXEC is enabled since it reference to BOOT_CS, and it's dying on
the ljmp to that CS.
BOOT_DS seems to work -- maybe the BOOT_CS Privilege level needs to be set
to 1 ? I'll have a look further later on today.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://grsecurity.net/pipermail/grsecurity/attachments/20101103/d2219695/attachment.htm>
More information about the grsecurity
mailing list