I just read a new exploit for Vista that in my mind could be plausible
for Linux also. It involves forcing unused device drivers in memory to
be paged to disk by allocating gobs of memory, then a program finds the
area on the disk where the device driver code is and replaces it with
exploited code. When the driver gets paged back into Kernel memory you
now have full access to the machine. Could this happen to Linux? Can a
non-root or even a root owned process access the swap space. Swap is a
file on Windows which probably makes it easier than Linux. Swap on
Linux typically is a unformatted file system, but can be a file in the
file system if desired. As I understand the exploit, Microsoft has
implemented a policy with Vista that only drivers "Signed" by Microsoft
can be installed on Vista. This "Paging" exploit completely bypasses
this requirement, easily.
Here is the exploit presentation:
http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Rutkowska.pdf
DSP
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
