Date: Wed, 23 Mar 2016 13:32:07 +0100 From: Yves-Alexis Perez <corsac@...ian.org> To: kernel-hardening@...ts.openwall.com Subject: [CSW16] Getting Physical: Extreme Abuse of Intel Based Paging Systems [wasn't sure whether I should cross-post to oss-sec or not] In case some people would be interested, Nicolas Economou and Enrique Nissim gave a presentation last week at CanSecWest about what you can do with a kernel arbitrary write with current paging situation on Intel hardware, in Linux and Windows. The slides (and code for Linux) are available at: https://github.com/n3k/CansecWest2016_Getting_Physical_Extreme_Abuse_of_Intel_ Based_Paging_Systems/ There might be (a lot of) other way to exploit a running kernel with an arbitrary write, but it's still quite interesting. The authors give some advice at the end (slide 84 “Linux conclusion”): - Paging tables shouldn’t be in *fixed addresses* - It can be abused by LOCAL and REMOTE kernel exploits - All fixed paging structures should be *read-only* - Some advice, compile the kernel with Grsec ;-) Regards, -- Yves-Alexis Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.