Exploit Methods/Kernel location

From Linux Kernel Security Subsystem

Jump to navigation Jump to search

Details

Finding the kernel location can be an important first step for exploitation. Without it, for example, it's harder to make kernel function calls for privilege escalation. Besides the kernel itself, lots of other locations may be valuable to an attacker. See Kernel pointer leaks for more information.

Examples

See Kernel pointer leaks examples
/proc/kallsyms, /proc/modules
ksymhunter

Mitigations

hide symbols and kernel pointers (see Kernel pointer leaks)
kernel ASLR
runtime randomization of kernel functions
executable-but-not-readable memory
per-build structure layout randomization (e.g. GRKERNSEC_RANDSTRUCT)

Retrieved from "http://kernsec.org/wiki/index.php?title=Exploit_Methods/Kernel_location&oldid=3737"