
Protection of kernel memory

Since the kernel's memory is in each process's address space, it is vulnerable to being changed by user-space code. This is a security hole, and it also leaves the entire virtual machine vulnerable to a badly written process. Kernel memory needs to be write-protected whenever process code is running and write-enabled when the kernel is running. The one tricky aspect is that the code which write-enables kernel data will run on a kernel stack, which needs to be writable already. So that stack page will be left writable while the process is running. It's not a problem if the process manages to modify it, because the stack is fully initialized before any code starts running on it, and nothing depends on anything left behind on the stack.
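The scheme described above can be modelled on Linux with `mmap` and `mprotect`. This is an added example, not code from User-Mode Linux: `kdata`, `kstack`, `kernel_enter`, `kernel_exit` and `user_write_probe` are hypothetical names, and the `memset` on entry stands in for the stack being fully initialized before use.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-ins: page 0 models kernel data, page 1 the kernel stack. */
static unsigned char *kdata, *kstack;
static size_t pagesz;

int setup_regions(void) {
    pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, 2 * pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    kdata = p;
    kstack = kdata + pagesz;
    return 0;
}

/* Return to process code: kernel data becomes read-only, the stack page does not. */
int kernel_exit(void) { return mprotect(kdata, pagesz, PROT_READ); }

/* Kernel entry: initialize the stack page before relying on it, then unprotect. */
int kernel_enter(void) {
    memset(kstack, 0, pagesz);
    return mprotect(kdata, pagesz, PROT_READ | PROT_WRITE);
}

/* Model process code writing to addr, in a child so a fault is observable.
   Returns 0 if the write completed, 1 if it did not, -1 on error. */
int user_write_probe(unsigned char *addr) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        *(volatile unsigned char *)addr = 0x41;
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
}

int main(void) {
    if (setup_regions() != 0 || kernel_exit() != 0) return 1;
    printf("kernel data write blocked: %d\n", user_write_probe(kdata));
    printf("stack page write blocked:  %d\n", user_write_probe(kstack));
    return kernel_enter() != 0;
}
```

The probe runs in a forked child because the protections set by `mprotect` are inherited across `fork`, so the parent can observe the fault without dying itself.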



Jeff Dike 2000-08-23