Linux 2.6 kernel exploits
Exploits are increasingly targeting operating system kernel vulnerabilities. For one, applications in user space are better protected by the developers and the kernel than in the past. Second, the promise of a successful kernel exploit is tantalizing full control over the targeted environment. Under Linux, kernel space exploits differ noticeably from user space exploits. Constraints such as execution context problems, module relocation, system calls usage prerequisites and kernel shellcode development have to be dealt with. These kernel exploits are the focus of this paper. We first give an overview of major kernel data structures which are used to handle processes under Linux 2.6 on an Intel IA-32 architecture. We then illustrate the aforementioned constraints by means of two practical Wifi Linux Drivers Stack Overflow exploits.
Unable to display preview. Download preview PDF.
- 1.the Month Of Kernel Bugs archive http://projects.info-pull.com/mokb/
- 2.Intel: IA-32 Software Developper’s Manual, Volume 3A: System Programming Guide, Sect. 5.12.1 http://www.intel.com/products/processor/manuals/index.htm
- 3.Intel: IA-32 Software Developper’s Manual, Volume 3A: System Programming Guide, Sect. 5.11 http://www.intel.com/products/processor/manuals/index.htm
- 4.Intel: IA-32 Software Developper’s Manual, Volume 3A: System Programming Guide, Sect. 6.2.1 http://www.intel.com/products/processor/manuals/index.htm
- 5.ELF: Executable and Linking Format, http://x86.ddj.com/ftp/manuals/tools/elf.pdf
- 6.Robert Love: Linux Kernel Development, Novell PressGoogle Scholar
- 7.Bovet, D.P., Cesati, M.: Understanding the Linux Kernel, O’ReillyGoogle Scholar
- 8.Cache, J.: L.M.H.: Broadcom Wireless Driver Probe Response SSID Overflow http://projects.info-pull.com/mokb/MOKB-11-11-2006.html
- 9.Biondi, P.: Scapy, a powerful interactive packet manipulation program http://secdev.org/projects/scapy/
- 10.Butti, L., Razniewski, J., Tinnes, J.: Madwifi remote buffer overflow vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6332
- 11.Starzetz, P: Publicly released linux kernel exploits http://www.isec.pl/
- 12.The PaX Team: Linux Kernel patch http://pax.grsecurity.net/