Re: [Security] proactive defense: using read-only memory

From: Valdis . Kletnieks
Date: Wed Nov 17 2010 - 19:12:36 EST


On Wed, 17 Nov 2010 11:00:54 +0100, Pavel Machek said:

> > - Entry points to set_kernel_text_rw() and similar need to be blockable.
> > Having these symbols available makes kernel memory modification trivial;
>
> What prevents an attacker from just inlining those functions in the
> exploit?

Quite often, you are limited on how many bytes of exploit code you can inject.
If you have to do the whole thing in (say) 139 bytes, having to inline even
one function may make the exploit impossible to run.
