/dev/mem exploit on Ubuntu
ben.collins at ubuntu.com
Wed Aug 1 20:26:53 UTC 2007
On Wed, 2007-08-01 at 15:00 -0400, Kristian Hermansen wrote:
> On 8/1/07, Ben Collins <ben.collins at ubuntu.com> wrote:
> > already have root on the system. It's basically a rootkit (unless I'm
> So for instance, if you are a normal user, but are in the kmem group
> (gid=15), it is my assumption that you can still utilize this
> technique even though you are not root. However, Ben, you are the
> kernel expert -- so you tell me :-) I am also interested in any
> methods of kernel memory segmentation for Linux driver code. Ie, what
> does the future hold in these respects...
If you give someone kmem group perms, you've given them your system (if
they know what they are doing). There's no reason I know of to give
someone these perms. It's mainly meant to chgrp a program to this group,
and make it sgid.
Your other question, I'm not sure how to answer. There are things like
stack-protector, and similar methods to protect kernel and userspace
from those sorts of exploits.
Ubuntu : http://www.ubuntu.com/
More information about the ubuntu-server