Place syscall table in read-only memory #1409

@georgeklees

Right now, syscall registration is dynamic, with the init() functions for various executive subsystems registering their own syscalls. While it may make the code a bit cleaner, it is also a fairly important security problem. A kernel vulnerability that allows arbitrary write access could allow an attacker to put internal kernel functions in the syscall table, and gain kernel ROP or bypass security checks. In order to prevent this kind of attack, the syscall table needs to be made read-only and statically declared at compile time.
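The two designs contrasted in the description above, as an added example that is not code from this project: a table filled in at init time sits in writable memory, while a `const` table with static initializers is emitted into a read-only data section. All names and syscall numbers here are hypothetical, and the protection assumes the kernel actually maps that section read-only.

```c
#include <stddef.h>
#include <errno.h>

typedef long (*syscall_fn)(long a0, long a1);

/* Hypothetical handlers standing in for real subsystem entry points. */
static long sys_getpid(long a0, long a1) { (void)a0; (void)a1; return 42; }
static long sys_add(long a0, long a1)    { return a0 + a1; }

enum { SYS_GETPID = 0, SYS_ADD = 1, SYS_RESERVED = 2, SYS_MAX };

/* Before: a writable table populated by subsystem init() functions.
 * It lives in .bss, so an arbitrary kernel write can retarget any
 * entry to an internal function. */
static syscall_fn dyn_table[SYS_MAX];

int register_syscall(unsigned nr, syscall_fn fn)
{
    if (nr >= SYS_MAX || dyn_table[nr] != NULL)
        return -EINVAL;
    dyn_table[nr] = fn;
    return 0;
}

/* After: the whole table is a compile-time constant. The toolchain
 * emits it into a read-only section (.rodata, or .data.rel.ro in
 * position-independent builds), and there is no registration function
 * left that could be abused to add or replace entries. */
static const syscall_fn static_table[SYS_MAX] = {
    [SYS_GETPID] = sys_getpid,
    [SYS_ADD]    = sys_add,
    /* SYS_RESERVED is intentionally left NULL */
};

/* Dispatch through the read-only table only; reject out-of-range
 * numbers and unpopulated slots before the indirect call. */
long dispatch(unsigned long nr, long a0, long a1)
{
    if (nr >= SYS_MAX)
        return -ENOSYS;
    syscall_fn fn = static_table[nr];
    if (fn == NULL)
        return -ENOSYS;
    return fn(a0, a1);
}
```

Inspecting the built kernel image with `objdump -h` or `readelf -S` shows which section the table landed in; the page permissions for that section still have to be enforced by the kernel's own memory mapping code.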
