/dev/mem exploit on Ubuntu

Ben Collins ben.collins at ubuntu.com
Wed Aug 1 20:26:53 UTC 2007


On Wed, 2007-08-01 at 15:00 -0400, Kristian Hermansen wrote:
> On 8/1/07, Ben Collins <ben.collins at ubuntu.com> wrote:
> > already have root on the system. It's basically a rootkit (unless I'm
> 
> So for instance, if you are a normal user, but are in the kmem group
> (gid=15), it is my assumption that you can still utilize this
> technique even though you are not root.  However, Ben, you are the
> kernel expert -- so you tell me :-)  I am also interested in any
> methods of kernel memory segmentation for Linux driver code.  I.e., what
> does the future hold in these respects...

If you give someone kmem group perms, you've given them your system (if
they know what they are doing). There's no reason I know of to give
someone these perms. It's mainly meant to chgrp a program to this group,
and make it sgid.

Your other question, I'm not sure how to answer. There are things like
stack-protector, and similar methods to protect kernel and userspace
from those sorts of exploits.

-- 
Ubuntu   : http://www.ubuntu.com/
Linux1394: http://wiki.linux1394.org/
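
As an added example (not part of the original message): a POSIX shell audit for the two things the reply distinguishes, accounts that hold the kmem group and programs that are sgid to it. The function names are hypothetical, and the default paths and the group name kmem are assumptions about a standard Linux layout.

```shell
#!/bin/sh
# Added example: who effectively holds the kmem group, and which programs
# are sgid to it. Function names are hypothetical, not from any tool.

# kmem_members [group_file] [passwd_file] [group_name]
# Prints, sorted, every account that has the group either as a
# supplementary group (group file, field 4) or as its primary gid
# (passwd file, field 4).
kmem_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    group_name=${3:-kmem}
    awk -F: -v g="$group_name" '
        FILENAME == ARGV[1] {            # group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # passwd: primary gid match
        END { for (u in seen) print u }
    ' "$group_file" "$passwd_file" | sort
}

# sgid_group_files [start_dir] [group]
# Lists regular files with the setgid bit that belong to the group,
# i.e. the "chgrp a program and make it sgid" case. Stays on one filesystem.
sgid_group_files() {
    find "${1:-/}" -xdev -type f -perm -2000 -group "${2:-kmem}" 2>/dev/null
}

# Typical use on a live system (run as root so find can read everything):
#   kmem_members
#   sgid_group_files / kmem
```

Any account name printed by `kmem_members` that is not a deliberate service account is worth reviewing, since membership grants whatever access the group has to the memory devices.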





More information about the ubuntu-server mailing list