Exploit Methods/Text overwrite

From Linux Kernel Security Subsystem
(Difference between revisions)
Jump to: navigation, search
(Created page with "= Details = If an attacker has a write primitive and knows where the kernel is located in memory, they could overwrite functions to do whatever they wanted. Protecting against...")
 
(Examples)
 
Line 5: Line 5:
  
 
* patch setuid to always succeed
 
* patch setuid to always succeed
 +
* [http://itszn.com/blog/?p=21 overwrite vDSO]
  
 
= Mitigations =
 
= Mitigations =
  
 
* Do not leave executable memory also writable
 
* Do not leave executable memory also writable

Latest revision as of 22:02, 18 November 2015

[edit] Details

If an attacker has a write primitive and knows where the kernel is located in memory, they could overwrite functions to do whatever they wanted. Protecting against this is the most basic of kernel memory protections: make sure the kernel is read-only.

[edit] Examples

[edit] Mitigations

  • Do not leave executable memory also writable
Personal tools
Namespaces

Variants
Actions
Navigation
Tools