tech-kern archive


Re: jit code and securelevel



Christos Zoulas wrote:
> In article <20150101153259.GA2442@neva>,
> Alexander Nasonov  <alnsn%yandex.ru@localhost> wrote:
> >I don't remember seeing a policy on disabling jit code at securelevel
> >1 or higher. Is it something we should add?
> 
> I am not sure that we should add it because the code it generates is tightly
> controlled by the kernel.

On a (misconfigured) system with enhanced permissions for tcpdump or
for some other pcap program, one can craft special JIT code to help them
exploit a bug in the kernel:
http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html

The function pointer of JIT code is readable via kmem.

Alex
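As an added example (not part of this thread, and not NetBSD project code): a small POSIX shell check an administrator could run to flag the combination Alex is worried about, a raised securelevel with the BPF JIT still enabled. It assumes the sysctl names kern.securelevel and net.bpf.jit; the second is an assumption here and should be verified against the release in use. The sysctl output it parses is constructed so the check runs offline.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes the sysctl names
# kern.securelevel and net.bpf.jit (the latter is an assumption).

# Extract a numeric value from "name = value" lines as printed by sysctl(8).
# $1 = sysctl name, stdin = sysctl output.
sysctl_value() {
    awk -v key="$1" '$1 == key && $2 == "=" { print $3; exit }'
}

# Return 0 (policy gap) when securelevel >= 1 and the BPF JIT is enabled,
# 1 when there is no gap, 2 when either value is missing from the input.
# Reads sysctl-style output from stdin.
jit_policy_gap() {
    out=$(cat)
    lvl=$(printf '%s\n' "$out" | sysctl_value kern.securelevel)
    jit=$(printf '%s\n' "$out" | sysctl_value net.bpf.jit)
    [ -n "$lvl" ] && [ -n "$jit" ] || return 2
    if [ "$lvl" -ge 1 ] && [ "$jit" -eq 1 ]; then
        return 0
    fi
    return 1
}

# Constructed sample output (not captured from a real host), sysctl(8) format.
SAMPLE_GAP='kern.securelevel = 1
net.bpf.jit = 1'
SAMPLE_OK='kern.securelevel = 1
net.bpf.jit = 0'

# On a live NetBSD host one would pipe the real values instead:
#   sysctl kern.securelevel net.bpf.jit | jit_policy_gap
if printf '%s\n' "$SAMPLE_GAP" | jit_policy_gap; then
    echo "securelevel raised but BPF JIT enabled: consider net.bpf.jit=0"
fi
```

The check deliberately treats a missing value as a distinct result, so a host where the JIT sysctl does not exist (an older or differently configured kernel) is reported as "unknown" rather than silently passing.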

