cssl-unist / trust-sec23


System Call Hooking #5

Open gulmezmerve opened 1 month ago

gulmezmerve commented 1 month ago

Hi,

In the TRust paper, you mentioned that the TRust runtime hooks system calls: which method are you using for hooking system calls? Where is the code?

Thanks in advance, Merve

seccompgeek commented 1 month ago

Hi, please check out the simple function hooking used in mpk-library/mpk.c. For a more complete yet invasive approach (especially if your FFI binaries may make MPK-disabling system calls), you will have to modify the kernel, as done by the PKU Pitfalls paper cited by TRust. Especially if you intend to use TRust for production, we recommend using the kernel modification approach.

gulmezmerve commented 1 month ago

https://github.com/cssl-unist/trust-sec23/blob/411d9cb7fa7f0b6ea145353760061a1e5e73d849/mpk-library/mpk.c#L79

Here, I assume that you want to hook mmap, and in either case it returns the real_mmap. What is your intention here? As far as I understand, if a system call is coming from the unsafe side, you should reject the system call, or filter it so that an unsafe mmap call cannot touch the safe side.

seccompgeek commented 1 month ago

You are right, most cases are lazily handled. Originally, after checking the domain with get_domain(), calls from the unsafe domain would simply be redirected to the unsafe allocator with malloc, and mremap with realloc. You can perform further operations to handle flags, offsets and fd. Simply rejecting the unsafe calls (e.g. by returning MAP_FAILED) caused some programs to just crash, so you may want to handle that part according to your plans.