Exploit Methods/Text overwrite

From Linux Kernel Security Subsystem
Revision as of 23:00, 4 November 2015 by KeesCook

Details

If an attacker has a write primitive and knows where the kernel is located in memory, they can overwrite kernel functions to do whatever they want. Protecting against this is the most basic of kernel memory protections: make sure the kernel's code (text) is read-only.

Examples

  • patch setuid to always succeed

Mitigations

  • Do not leave executable memory also writable
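
One way to check this mitigation on a running system, as an added example that is not part of the original page: the script below scans a kernel page-table dump for ranges that are both writable and executable. It assumes the x86 layout of `/sys/kernel/debug/kernel_page_tables` (available only when the debugfs page-table dump is built in); the sample dump and the `audit` helper are constructed for illustration.

```python
import re
import sys

# Constructed sample in the x86 layout of /sys/kernel/debug/kernel_page_tables.
# It is not output from a real machine; the last "High Kernel Mapping" row is a
# deliberately planted writable+executable page so the audit has something to find.
SAMPLE = """\
---[ High Kernel Mapping ]---
0xffffffff80000000-0xffffffff81000000          16M                               pmd
0xffffffff81000000-0xffffffff82000000          16M     ro         PSE     GLB x  pmd
0xffffffff82000000-0xffffffff82400000           4M     ro         PSE     GLB NX pmd
0xffffffff82400000-0xffffffff82600000           2M     RW                 GLB NX pte
0xffffffff82600000-0xffffffff82601000           4K     RW                 GLB x  pte
---[ Modules ]---
0xffffffffc0000000-0xffffffffc0004000          16K     ro                 GLB x  pte
"""

# start-end, size, then the attribute columns (RW/ro, NX/x, ..., level).
ROW = re.compile(r"^0x([0-9a-f]+)-0x([0-9a-f]+)\s+\S+\s*(.*)$")

def audit(dump):
    """Return (wx, ro_exec): lists of (section, start, end) tuples.

    wx      -> executable ranges that are also writable (mitigation violated)
    ro_exec -> executable ranges that are read-only (the expected state)
    """
    wx, ro_exec, section = [], [], None
    for raw in dump.splitlines():
        if raw.startswith("---["):          # section marker, e.g. "Modules"
            section = raw.strip("-[] ")
            continue
        m = ROW.match(raw.strip())
        if not m:
            continue
        flags = m.group(3).split()
        if "x" not in flags:                # NX or unmapped: not executable
            continue
        entry = (section, int(m.group(1), 16), int(m.group(2), 16))
        (wx if "RW" in flags else ro_exec).append(entry)
    return wx, ro_exec

if __name__ == "__main__":
    # Pass a saved dump as the first argument, or run on the built-in sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    bad, ok = audit(text)
    for sec, start, end in bad:
        print(f"W+X: {sec}: {start:#x}-{end:#x} ({end - start} bytes)")
    print(f"{len(bad)} writable+executable range(s), {len(ok)} read-only executable")
    sys.exit(1 if bad else 0)
```

A non-zero exit status means at least one executable range is still writable, so the script can gate a boot-time or CI check.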