Date: Fri, 17 Oct 2003 13:22:55 +0300
From: Samy Al Bahra
To: David Gilbert
Cc: freebsd-hackers@freebsd.org, earthman@inbox.ru
Subject: Re: On-line judgment kernel module
Message-Id: <20031017132255.197cd7b8.samy@kerneled.com>
In-Reply-To: <16271.7039.150262.159805@canoe.dclg.ca>
References: <1197083983.20031009074645@inbox.ru> <16271.7039.150262.159805@canoe.dclg.ca>

On Thu, 16 Oct 2003 18:28:15 -0400
David Gilbert wrote:

> As you conjecture, a syscall-less or syscall-restricted environment
> *should* be safe ... if your syscall changes are bulletproof *_and_*
> the rest of the runtime environment is bulletproof.

Good system call policies are a WONDERFUL feature at a system administrator's hands.
There is no such thing as a syscall-less environment but only a restricted one (either at the same layer as the system calls or above in terms of code path).

> Isn't a syscall required to finish off exit()?

Yes, consult kern_exit.c. How is this related to the discussion though? The fact is, most people would not even want to TOUCH sys_exit and friends since there are no real security advantages there. In other words, an exit system call remains completely the same.

-- 
+-----------------------------------+
| Samy Al Bahra | samy@kerneled.com |
|-----------------------------------|
| B3A7 F5BE B2AE 67B1 AC4B          |
| 0983 956D 1F4A AA54 47CB          |
|-----------------------------------|
| http://www.kerneled.com           |
+-----------------------------------+