
Category 3: Kernel-Initiated Operations Bypassing Security Checks

This category covers operations that are initiated inside the kernel rather than through a system call interface, so they do not pass through the security checks that system calls are subject to. Since the kernel developers have already placed some restrictions on the kernel's own use of these operations, they are clearly security-sensitive.

One example is the do_coredump() function, which creates a core file containing the in-memory image of the running process when certain signals that terminate the process are caught. A check is performed when the core file is created, but the subsequent seeks and writes to that file are performed without security checks. This deviates from the user case, where every lseek() or write() system call requires a check.

Another example is the kswapd daemon, which calls prune_icache() to sync the inodes that are about to be released. These inodes are reached through the global variable super_blocks, which holds the heads of the various inode lists.
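As an added example that is not part of the paper, the following toy model of the path analysis shows why both examples above are reported: a hook authorizes only the one controlled operation that follows it on the same object, so the do_coredump() path is flagged at its seek and write and the prune_icache() path at the inode operation. The hook and operation names are constructed for the model and are not real LSM hook names.

```python
# Toy model of the hook-placement analysis (added example, not the paper's tool).
# Hook names here are constructed for the model, not actual LSM hook names.
REQUIRED_HOOK = {"create": "check_create", "lseek": "check_seek",
                 "write": "check_write", "sync": "check_sync"}

def analyze(path):
    """Walk a linear path of ('hook', obj, hook_name) and ('op', obj, op_name)
    events. A hook authorizes exactly one following operation on that object,
    as on the system call path, so every controlled operation needs its own
    hook. Returns the (object, operation) pairs performed without one."""
    pending = {}   # object -> hooks that ran on it and are not yet consumed
    errors = []
    for event, obj, what in path:
        hooks = pending.setdefault(obj, set())
        if event == "hook":
            hooks.add(what)
        else:
            needed = REQUIRED_HOOK[what]
            if needed in hooks:
                hooks.discard(needed)   # the check covers this one operation only
            else:
                errors.append((obj, what))
    return errors

# Constructed traces. USER_PATH models a process that creates, seeks and writes
# a file through system calls, each of which runs its hook first.
USER_PATH = [
    ("hook", "f", "check_create"), ("op", "f", "create"),
    ("hook", "f", "check_seek"),   ("op", "f", "lseek"),
    ("hook", "f", "check_write"),  ("op", "f", "write"),
]
# COREDUMP_PATH models do_coredump(): one check when the core file is created,
# then seeks and writes issued directly from the kernel.
COREDUMP_PATH = [
    ("hook", "core", "check_create"), ("op", "core", "create"),
    ("op", "core", "lseek"), ("op", "core", "write"),
]
# KSWAPD_PATH models prune_icache() syncing an inode reached via super_blocks,
# with no hook anywhere on the path.
KSWAPD_PATH = [("op", "inode", "sync")]

if __name__ == "__main__":
    for label, p in (("user", USER_PATH), ("coredump", COREDUMP_PATH),
                     ("kswapd", KSWAPD_PATH)):
        print(label, analyze(p))
```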


Catherine Zhang 2002-05-13