Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 23 Mar 2016 13:32:07 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: kernel-hardening@...ts.openwall.com
Subject: [CSW16] Getting Physical: Extreme Abuse of Intel Based Paging
 Systems

[wasn't sure whether I should cross-post to oss-sec or not]

In case some people would be interested, Nicolas Economou and Enrique Nissim
gave a presentation last week at CanSecWest about what you can do with a
kernel arbitrary write with current paging situation on Intel hardware, in
Linux and Windows. The slides (and code for Linux) are available at:

https://github.com/n3k/CansecWest2016_Getting_Physical_Extreme_Abuse_of_Intel_
Based_Paging_Systems/

There might be (a lot of) other way to exploit a running kernel with an
arbitrary write, but it's still quite interesting.

The authors give some advice at the end (slide 84 “Linux conclusion”):

- Paging tables shouldn’t be in *fixed addresses*
  - It can be abused by LOCAL and REMOTE kernel exploits
- All fixed paging structures should be *read-only*
- Some advice, compile the kernel with Grsec ;-)

Regards,
-- 
Yves-Alexis


Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.