This category includes operations that are initiated inside the kernel, instead of going through system call interfaces. As such, they do not go through the normal security checks that system calls go through. As the kernel developers have added some limitations on the kernel's use of these commands, it is clear that they are security-sensitive.
One example is the do_coredump() function, which creates a core file containing an in-memory image of the running process when certain signals are caught that end the process. A check is done when the core file is created; however, subsequent seeks and writes to the file are performed without security checks. This deviates from the user case, where every lseek() or write() system call requires a check.
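The difference between the two paths, as an added user-space model in C that is not code from the original page or from the kernel. Every name in it (hook_file_permission, sys_lseek_model, sys_write_model, run_dump) is hypothetical, and the policy change in the middle of the dump is an assumption used to make the missing checks visible.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy model only: none of these names are real kernel symbols. */
struct file { long pos; size_t written; };

static int policy_allows = 1;  /* current policy decision */
static int checks_made = 0;    /* times the authorization hook was consulted */

/* Stand-in for an authorization hook: 0 = allowed, -1 = denied. */
static int hook_file_permission(struct file *f) {
    (void)f;
    checks_made++;
    return policy_allows ? 0 : -1;
}

/* Raw file operations: they perform no mediation of their own. */
static void raw_seek(struct file *f, long off) { f->pos = off; }
static void raw_write(struct file *f, size_t n) { f->pos += (long)n; f->written += n; }

/* System-call path: the hook is consulted on every call. */
static int sys_lseek_model(struct file *f, long off) {
    if (hook_file_permission(f) != 0) return -1;
    raw_seek(f, off);
    return 0;
}
static int sys_write_model(struct file *f, size_t n) {
    if (hook_file_permission(f) != 0) return -1;
    raw_write(f, n);
    return 0;
}

/* Writes `segments` pieces after one creation-time check. The policy is
 * revoked before segment `revoke_after`. Returns the number of checks made. */
static int run_dump(int via_syscalls, int segments, int revoke_after, size_t *written) {
    struct file f = {0, 0};
    int i;
    policy_allows = 1;
    checks_made = 0;
    *written = 0;
    if (hook_file_permission(&f) != 0) return checks_made;  /* check at creation */
    for (i = 0; i < segments; i++) {
        if (i == revoke_after) policy_allows = 0;           /* policy changes mid-dump */
        if (via_syscalls) {
            if (sys_lseek_model(&f, (long)i * 8192) < 0 || sys_write_model(&f, 4096) < 0) break;
        } else {                                            /* kernel-initiated path */
            raw_seek(&f, (long)i * 8192);
            raw_write(&f, 4096);
        }
    }
    *written = f.written;
    return checks_made;
}
```

With four segments and the policy revoked before the third, the system-call path stops at the next check, while the kernel-initiated path completes the dump having consulted the hook only once.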
Another example is the kswap daemon. The kswapd daemon calls prune_icache(), which tries to sync the inodes that are to be released. The inodes are reached via a global variable super_blocks, which contains heads for various inode lists.