Attacking hardened Linux systems with kernel JIT spraying

Posted Nov 19, 2012 2:51 UTC (Mon) by alison (subscriber, #63752)
In reply to: Attacking hardened Linux systems with kernel JIT spraying by aliguori
Parent article: Attacking hardened Linux systems with kernel JIT spraying

What I'm wondering is not about kernel exploits per se, but whether a DOS could be mounted against a platform device that has no kernel-user memory separation. In other words, might a graphics JIT like Renderscript bring down the GPU or other graphics IP cores?



Posted Nov 19, 2012 3:03 UTC (Mon) by aliguori (subscriber, #30636)

Wouldn't that be a bug in the JIT?

There's no DOS happening here. The "spraying" part of this is just duplicating the BPF program as many times as possible in order to increase the likelihood of guessing a valid kernel address of the executable. Duplicating the JIT'd code is completely valid behavior.

Making sure JITs use bounded amounts of memory, don't generate infinite loops, etc. is pretty standard stuff.

From what I can tell, Renderscript is completely userspace. I would hope it doesn't allow for maliciously generated GPU routines... That would be a pretty serious oversight.

