User: Password:
|
|
Subscribe / Log in / New account

More information

More information

Posted May 15, 2013 23:14 UTC (Wed) by cesarb (subscriber, #6266)
In reply to: More information by fuhchee
Parent article: Local root vulnerability in the kernel

From that analysis:

> The interrupt descriptor table was chosen because it is very easy to get it's address even on hardened builds -- using sidt instruction.

That reminded me of the following commit, which was merged for 3.10:

https://git.kernel.org/linus/4eefbe792baedb474e256d353708...

> Make a copy of the IDT (as seen via the "sidt" instruction) read-only. This primarily removes the IDT from being a target for arbitrary memory write attacks, and has the added benefit of also not leaking the kernel base offset, if it has been relocated.


(Log in to post comments)

More information

Posted May 15, 2013 23:46 UTC (Wed) by spender (subscriber, #23067) [Link]

Or as done in PaX's KERNEXEC since 2003. Who knew that my presentation on "Linux Security in 10 years" (http://grsecurity.net/spender_summit.pdf) would mention changes that took exactly 10 years? ;)

-Brad


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds