by jude-
4262 days ago
It's my understanding that it's not fixable without some help from the kernel. The fundamental problem is that a program can race ahead of a userspace syscall policy enforcement framework (i.e. sysjail) by trapping to the kernel directly. The authors identify several ways this can be exploited to gain privileged information or invoke syscalls the OS allows but the framework tries to prevent.
Learned something new today, thanks :)