Linux: Tainting the Kernel From Userland

Posted by Scott_Ruecker on May 29, 2006 8:51 PM EDT
KernelTrap
Mail this story
Print this story

Theodore Ts'o proposed a new patch allowing a userland program to taint the kernel by writing to/proc/sys/kernel/tainted, "to be used when userspace is potentially doing something naughty that might compromise the kernel." When asked when this would be needed, Theodore went on to explain, "the problem is that the Real-Time Specification for Java (RTSJ) **requires** that the JVM provide class functions which provide direct access to physical memory; all physical memory.

In fact, the RTSJ compliance test explicitly checks for this; it requires that you give the compliance test the address of a few hundred megs of physical memory for the test.". He went on to add, "I was so unhappy about being forced by the RTSJ specification to do this insane thing that I wanted to make sure that if it were ever used, it would set a TAINT flag to warn people that just about anything unsane could have happened, and the system's stability was at the mercy of the competence of Java application programmers.".

The conversation that followed proposed having the tainting happen automatically when a process opens/dev/mem for writing. The notion that running X would then taint the kernel was briefly discussed, and Theodore replied, "it may make sense to have an explicit taint flag which means direct access to memory, via /dev/mem or otherwise, with exceptions for I/O mapped memory not claimed by a device driver (and of course X until it is fixed, or never, whichever comes first)."

Full Story

  Nav
» Read more about: Groups: Kernel, Linux; Story Type: News Story

« Return to the newswire homepage

Subject Topic Starter Replies Views Last Post
red flags for me jimf 3 1,159 May 31, 2006 5:28 AM

You cannot post until you login.