Abstract
Exploits are increasingly targeting operating system kernel vulnerabilities. For one, applications in user space are better protected by the developers and the kernel than in the past. Second, the promise of a successful kernel exploit is tantalizing full control over the targeted environment. Under Linux, kernel space exploits differ noticeably from user space exploits. Constraints such as execution context problems, module relocation, system calls usage prerequisites and kernel shellcode development have to be dealt with. These kernel exploits are the focus of this paper. We first give an overview of major kernel data structures which are used to handle processes under Linux 2.6 on an Intel IA-32 architecture. We then illustrate the aforementioned constraints by means of two practical Wifi Linux Drivers Stack Overflow exploits.
Similar content being viewed by others
References
the Month Of Kernel Bugs archive http://projects.info-pull.com/mokb/
Intel: IA-32 Software Developper’s Manual, Volume 3A: System Programming Guide, Sect. 5.12.1 http://www.intel.com/products/processor/manuals/index.htm
Intel: IA-32 Software Developper’s Manual, Volume 3A: System Programming Guide, Sect. 5.11 http://www.intel.com/products/processor/manuals/index.htm
Intel: IA-32 Software Developper’s Manual, Volume 3A: System Programming Guide, Sect. 6.2.1 http://www.intel.com/products/processor/manuals/index.htm
ELF: Executable and Linking Format, http://x86.ddj.com/ftp/manuals/tools/elf.pdf
Robert Love: Linux Kernel Development, Novell Press
Bovet, D.P., Cesati, M.: Understanding the Linux Kernel, O’Reilly
Cache, J.: L.M.H.: Broadcom Wireless Driver Probe Response SSID Overflow http://projects.info-pull.com/mokb/MOKB-11-11-2006.html
Biondi, P.: Scapy, a powerful interactive packet manipulation program http://secdev.org/projects/scapy/
Butti, L., Razniewski, J., Tinnes, J.: Madwifi remote buffer overflow vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6332
Starzetz, P: Publicly released linux kernel exploits http://www.isec.pl/
The PaX Team: Linux Kernel patch http://pax.grsecurity.net/
Author information
Authors and Affiliations
Corresponding author
Additional information
This paper is an expanded version of two conference talks given at SSTIC 2007 in Rennes and at SYSCAN 2007 in Singapore.
Rights and permissions
About this article
Cite this article
Duverger, S. Linux 2.6 kernel exploits. J Comput Virol 4, 39–60 (2008). https://doi.org/10.1007/s11416-007-0066-9
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-007-0066-9