Exploit Methods/Userspace data usage

From Linux Kernel Security Subsystem

Revision as of 23:20, 4 November 2015 by KeesCook (talk | contribs) (Created page with "= Details = Sometimes an attacker won't be able to control the instruction pointer directly, but they will be able to redirect the dereference a structure or other pointer. In...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Details

Sometimes an attacker won't be able to control the instruction pointer directly, but they will be able to redirect the dereference a structure or other pointer. In these cases, it is easiest to aim at malicious structures that have been built in userspace to perform the exploitation.

Examples

Mitigations

hardware segmentation: SMAP (x86), PAN (arm, arm64), Domains (arm)
emulate memory segmentation via separate page tables (e.g. PAX_UDEREF)

Retrieved from "http://kernsec.org/wiki/index.php?title=Exploit_Methods/Userspace_data_usage&oldid=3741"