On techniques to prevent commit_creds() user-space abuse

by speiro - Nov 25, 2015 - commit_creds, prevention, technique, kernel, hardening

Update

Implementing this kind of protection is pointless: by the time the attacker is executing code, he can already bypass the protections, as discussed in kernel-hardening. Defeating a similar protection implemented in Windows 8 is described in Defeating Windows 8 ROP Mitigation.

Analysis

Given that the typical path for kernel exploitation is commit_creds(prepare_kernel_cred(0)) being called from user space, as detailed in [1], why is there no check in commit_creds() that inspects the return address and ensures the call is a legitimate one coming from kernel space?

This blocks direct calls to commit_creds from user …

