The HyperNews Linux KHG Discussion Pages

Question: Ldt & Privileges

Forum: The Linux Kernel Hackers' Guide
Keywords: LDT Memory Privilege
Date: Fri, 24 Jul 1998 15:17:57 GMT
From: Ganesh <[email protected]>

Hi,
 I need some help with something related to the modify_ldt system call which was added to Linux. I would greatly appreciate your help.

 I am experimenting with a new protection mechanism.
I want to push a user process to privilege level 2 in Linux (by adding a system call). If I do this, at the second level of protection checks in the CPU (i.e., at the paging level), the user process would map to supervisor privileges. This is because x86 maps 0, 1, 2 to supervisor and 3 to user privileges at the paging level (that is what I understood from the manual. Please correct me if I am wrong). Will the process (at PL 2) be able to write to kernel pages since the protection check would go through at the page level?

  If so, I guess I can prevent it at the segment level by adding a check to modify_ldt code to figure out whether the process is making a pointer to a kernel segment. Is this correct? Anyway, the process won't actually be able to reload LDTR or change the actual LD Table directly without a system call (sys_modify_ldt). Or is there some roundabout way in which a process at privilege level 2 can somehow make an entry in LDT/access the kernel pages?

Again, any help would be greatly appreciated. Thanks a lot.
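
The two protection checks the question describes, as an added example that is not part of the original post or of the Linux kernel: a simplified C model of the x86 paging-level check, the data-segment load check, and a hypothetical range check for a requested LDT entry. The function names, `KERNEL_BASE` and the sample values are assumptions; the model ignores expand-down and conforming segments and takes CR0.WP as a parameter.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed linear address where kernel mappings begin (placeholder value). */
#define KERNEL_BASE 0xC0000000u

struct page { int user; int writable; };   /* U/S and R/W bits of a mapping */

/* Paging check: CPL 0-2 are supervisor-mode accesses, only CPL 3 is user. */
int page_access_ok(int cpl, struct page pg, int is_write, int cr0_wp)
{
    if (cpl < 3)                        /* supervisor: U/S bit is not consulted */
        return !is_write || pg.writable || !cr0_wp;
    if (!pg.user)                       /* user mode cannot touch supervisor pages */
        return 0;
    return !is_write || pg.writable;
}

/* Segment check on loading a data-segment selector: DPL >= max(CPL, RPL). */
int segment_load_ok(int cpl, int rpl, int dpl)
{
    int effective = cpl > rpl ? cpl : rpl;   /* larger number = less privilege */
    return dpl >= effective;
}

/* Hypothetical validator for a requested LDT entry: the whole segment must
 * stay below KERNEL_BASE, so base + offset can never reach a kernel page. */
int ldt_request_ok(uint32_t base, uint32_t size_bytes)
{
    uint64_t last = (uint64_t)base + size_bytes - 1;   /* no 32-bit wraparound */
    return size_bytes != 0 && last < KERNEL_BASE;
}

int main(void)
{
    struct page kernel_page = { 0, 1 };   /* constructed: supervisor, writable */
    printf("CPL 2 write to supervisor page, paging check: %d\n",
           page_access_ok(2, kernel_page, 1, 1));
    printf("CPL 3 write to supervisor page, paging check: %d\n",
           page_access_ok(3, kernel_page, 1, 1));
    printf("CPL 2 loads DPL 0 data segment: %d\n", segment_load_ok(2, 2, 0));
    printf("LDT entry base 0xBFFFF000 size 0x2000: %d\n",
           ldt_request_ok(0xBFFFF000u, 0x2000u));
    return 0;
}
```

In this model the paging check alone does not separate CPL 2 from the kernel, so any containment has to come from the segment descriptors the process is allowed to load.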