Small correction: we do. In the paper we describe, and the sources offer, two alternative runtime monitors. One is based on a few kernel changes (LSM hooks) + an LSM module; the other combines ptrace and seccomp to filter for certain syscalls. Or am I missing something?
(IIRC both Xen PV and Virtualbox used the "hide stuff above 4GiB trick" for running paravirtualized 32-bit guests, with the guest kernel in ring 1 - they ensured that the GDT/LDT contained no 32-bit code segments, so it couldn't reach the hypervisor mappings above 4GiB)
and I think macOS had a bug where it didn't initialize r8-r15 for 32-bit processes because it assumed that those couldn't access the 64-bit-only registers; so you could leak data by letting a 32-bit task switch to 64-bit with IRET
Linux had a similar vuln: https://grsecurity.net/~spender/exploits/64bit_regleak.c …
er, s/no 32-bit code segments/no 64-bit code segments usable from rings !=0/, or something like that