[windows] TLS/TEB/PEB isolation for private dll copies #249
Labels
Comments
|
From derek.br...@gmail.com on May 17, 2010 17:33:07 in r333 I added a pretty good step toward best-effort isolation, given that we can't My r333 change adds isolation of two data structures:
Labels: -Priority-Medium Priority-Low |
|
From bruen...@google.com on January 22, 2013 12:53:53 Fibers (Windows user-mode lightweight threads) swap TEB fields when they swap contexts. They do this via regular memory copies, so there's nothing special to help us out there. But, we should look at the fiber TEB switch to see the full list of fields and sub-fields we'd need to copy for full isolation. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From derek.br...@gmail.com on January 16, 2010 12:35:09
xref private Windows loader issue #157 for now we're not providing perfect isolation and are assuming that nothing
terribly intrusive will be done to the TLS (TEB, PEB) shared w/ the app's
dlls. ideally we would could create our own segment and private copies of
the TEB and PEB and have our private dlls use that instead of the system's
per-thread segment. it's not clear we could emulate everything done to
initialize them, and there may be issues with trying to initialize fields
owned by the loader or other components we don't need. would we leave such
fields uninitialized, or would we call LdrInitializeThunk and assume the
only global side effects will be limited to the (private) PEB?
we'd create our own segment via NtSetLdtEntries (xref PR 208009). though
this is only available on 32-bit Windows kernels (xref PR 212905) and
patchguard may prevent even a kernel driver from adding new gdt entries on
64-bit? also xref issue #108 .
Original issue: http://code.google.com/p/dynamorio/issues/detail?id=249
The text was updated successfully, but these errors were encountered: