tech-kern archive


Re: jit code and securelevel



On Jan 1,  5:47pm, alnsn%yandex.ru@localhost (Alexander Nasonov) wrote:
-- Subject: Re: jit code and securelevel

| Christos Zoulas wrote:
| > In article <20150101153259.GA2442@neva>,
| > Alexander Nasonov  <alnsn%yandex.ru@localhost> wrote:
| > >I don't remember seeing a policy on disabling jit code at securelevel
| > >1 or higher. Is it something we should add?
| > 
| > I am not sure that we should add it because the code it generates is tightly
| > controlled by the kernel.
| 
| On a (misconfigured) system with enhanced permissions for tcpdump or
| for some other pcap program, one can craft a special JIT code to help them
| exploit a bug in the kernel:
| http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html
| 
| The function pointer of the jit code is readable via kmem.

Well, it is using jit to load exploit code to the kernel, but how will
he jump to it? In the description he is using a module that lets you jump
to any location. If you have that, you can do whatever you want anyway...

christos

