Advertisement

Journal in Computer Virology

, Volume 4, Issue 1, pp 39–60 | Cite as

Linux 2.6 kernel exploits

  • Stéphane Duverger
SSTIC 2007 Best Academic Papers

Abstract

Exploits are increasingly targeting operating system kernel vulnerabilities. For one, applications in user space are better protected by the developers and the kernel than in the past. Second, the promise of a successful kernel exploit is tantalizing full control over the targeted environment. Under Linux, kernel space exploits differ noticeably from user space exploits. Constraints such as execution context problems, module relocation, system calls usage prerequisites and kernel shellcode development have to be dealt with. These kernel exploits are the focus of this paper. We first give an overview of major kernel data structures which are used to handle processes under Linux 2.6 on an Intel IA-32 architecture. We then illustrate the aforementioned constraints by means of two practical Wifi Linux Drivers Stack Overflow exploits.

Keywords

System Call Address Space Return Address Process Context Memory Area 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    the Month Of Kernel Bugs archive http://projects.info-pull.com/mokb/
  2. 2.
    Intel: IA-32 Software Developper’s Manual, Volume 3A: System Programming Guide, Sect. 5.12.1 http://www.intel.com/products/processor/manuals/index.htm
  3. 3.
    Intel: IA-32 Software Developper’s Manual, Volume 3A: System Programming Guide, Sect. 5.11 http://www.intel.com/products/processor/manuals/index.htm
  4. 4.
    Intel: IA-32 Software Developper’s Manual, Volume 3A: System Programming Guide, Sect. 6.2.1 http://www.intel.com/products/processor/manuals/index.htm
  5. 5.
    ELF: Executable and Linking Format, http://x86.ddj.com/ftp/manuals/tools/elf.pdf
  6. 6.
    Robert Love: Linux Kernel Development, Novell PressGoogle Scholar
  7. 7.
    Bovet, D.P., Cesati, M.: Understanding the Linux Kernel, O’ReillyGoogle Scholar
  8. 8.
    Cache, J.: L.M.H.: Broadcom Wireless Driver Probe Response SSID Overflow http://projects.info-pull.com/mokb/MOKB-11-11-2006.html
  9. 9.
    Biondi, P.: Scapy, a powerful interactive packet manipulation program http://secdev.org/projects/scapy/
  10. 10.
    Butti, L., Razniewski, J., Tinnes, J.: Madwifi remote buffer overflow vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6332
  11. 11.
    Starzetz, P: Publicly released linux kernel exploits http://www.isec.pl/
  12. 12.
    The PaX Team: Linux Kernel patch http://pax.grsecurity.net/

Copyright information

© Springer-Verlag France 2007

Authors and Affiliations

  1. 1.EADS Innovation WorksSuresnesFrance

Personalised recommendations