Exploit Methods/Userspace execution

From Linux Kernel Security Subsystem

Revision as of 23:15, 4 November 2015 by KeesCook (talk | contribs) (Created page with "= Details = Once an attacker has gain control over the instruction pointers, it must be aimed somewhere. The place where attackers have the most control over memory layout ten...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Details

Once an attacker has gain control over the instruction pointers, it must be aimed somewhere. The place where attackers have the most control over memory layout tends to be in userspace, so it has been natural to place malicious code in userspace and have the kernel redirection execution there.

Examples

See nearly every other exploit example listed under other Exploit Methods and Bug Classes.

Mitigations

hardware segmentation: SMEP (x86), PXN (arm)
compiler instrumentation to set high bit on function calls
emulate memory segmentation via separate page tables (e.g. PAX_MEMORY_UDEREF)

Retrieved from "http://kernsec.org/wiki/index.php?title=Exploit_Methods/Userspace_execution&oldid=3740"