Exploit Methods/Userspace execution

From Linux Kernel Security Subsystem

Revision as of 18:22, 10 December 2015

Details

Once an attacker has gained control over the instruction pointer, it must be aimed somewhere. The place where attackers have the most control over memory layout tends to be userspace, so it has been natural to place malicious code in userspace and have the kernel redirect execution there.

For more details, see Userspace access, as that is technically a superset of userspace execution.

Examples

Mitigations

  • hardware segmentation: SMEP (x86), PXN (arm)
  • compiler instrumentation to set high bit on function calls
  • emulate memory segmentation via separate page tables (e.g. PAX_MEMORY_UDEREF)
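
To confirm that the first mitigation is actually in effect on an x86 host, the following added example (not part of the original wiki page) reads /proc/cpuinfo-style and /proc/cmdline-style text and reports the SMEP state. The names smep_status and smep_demo are hypothetical, the sample input is constructed, and the check assumes a kernel that accepts the nosmep boot parameter; it does not cover PXN, which is not listed in cpuinfo.

```shell
#!/bin/sh
# Added example (not from the wiki page): report whether x86 SMEP is active,
# from /proc/cpuinfo-style and /proc/cmdline-style text.
# Usage: smep_status [CPUINFO_FILE] [CMDLINE_FILE]
# Prints: enabled | disabled-by-cmdline | unsupported | unknown
smep_status() {
    cpuinfo=${1:-/proc/cpuinfo}
    cmdline=${2:-/proc/cmdline}

    # Check the boot parameter first so a deliberate opt-out is reported as
    # such. Padding with spaces makes only the whole word "nosmep" match.
    case " $(cat "$cmdline") " in
        *" nosmep "*) echo "disabled-by-cmdline"; return 0 ;;
    esac

    # x86 kernels print one "flags" line per logical CPU. Every CPU must
    # list smep; no "flags" line at all (e.g. arm, where PXN is not shown
    # in cpuinfo) means this check cannot decide.
    awk '
        /^flags[ \t]*:/ {
            cpus++
            if (index(" " $0 " ", " smep ")) have++
        }
        END {
            if (cpus == 0)          print "unknown"
            else if (have == cpus)  print "enabled"
            else                    print "unsupported"
        }' "$cpuinfo"
}

# Constructed sample input (not captured from a real machine).
smep_demo() {
    d=$(mktemp -d) || return 1
    printf 'processor\t: 0\nflags\t\t: fpu vme nx smep smap\n' > "$d/cpu_ok"
    printf 'processor\t: 0\nflags\t\t: fpu vme nx\n' > "$d/cpu_old"
    printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$d/cmd_ok"
    printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nosmep\n' > "$d/cmd_off"
    smep_status "$d/cpu_ok"  "$d/cmd_ok"    # enabled
    smep_status "$d/cpu_old" "$d/cmd_ok"    # unsupported
    smep_status "$d/cpu_old" "$d/cmd_off"   # disabled-by-cmdline
    rm -rf "$d"
}

smep_demo
```

Run with no arguments, smep_status reads the live /proc files of the host being audited.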