Is Fedora, or Linux in general, vulnerable to a "paging exploit" like Vista appears to be?
Douglas Phillipson
phillipd at oem.doe.gov
Thu Oct 19 20:10:43 UTC 2006
Jamie Wellnitz wrote:
> On Thu, Oct 19, 2006 at 12:33:28PM -0700, Douglas Phillipson wrote:
>> I just read a new exploit for Vista that in my mind could be plausible
>> for Linux also. It involves forcing unused device drivers in memory to
>> be paged to disk by allocating gobs of memory, then a program finds the
>> area on the disk where the device driver code is and replaces it with
>> exploited code. When the driver gets paged back into Kernel memory you
>> now have full access to the machine. Could this happen to Linux? Can a
>> non-root or even a root-owned process access the swap space? Swap is a
>> file on Windows which probably makes it easier than Linux. Swap on
>> Linux typically is an unformatted file system, but can be a file in the
>> file system if desired. As I understand the exploit, Microsoft has
>> implemented a policy with Vista that only drivers "Signed" by Microsoft
>> can be installed on Vista. This "Paging" exploit completely bypasses
>> this requirement, easily.
>>
>> Here is the exploit presentation:
>>
>> http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Rutkowska.pdf
>>
>> DSP
>>
> AFAIK, Linux drivers are in nonpaged kernel memory, so no matter how
> much memory is allocated, they get to stay where they are.
>
> Thanks,
> Jamie
>
What about other root-owned processes? Is it possible with them?
Doug P
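
Added example, not part of the original thread or written by its participants: a defender-side check of which accounts can open the active swap areas on a Linux host, the access question raised above. The `/proc/swaps` sample text is constructed, and `parse_swaps` and `audit_swaps` are names chosen for this sketch.

```python
import os
import stat

# Constructed sample in the /proc/swaps layout (not taken from a real host).
SAMPLE_PROC_SWAPS = (
    "Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n"
    "/dev/sda2                               partition\t2097148\t0\t-2\n"
    "/var/swap\\040file                        file\t\t1048572\t0\t-3\n"
)

def parse_swaps(text):
    """Return the path of every active swap area listed in /proc/swaps text."""
    paths = []
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if fields:
            # The kernel escapes spaces in paths as the octal sequence \040.
            paths.append(fields[0].replace("\\040", " "))
    return paths

def audit_swaps(text, stat_fn=os.stat):
    """Map each swap path to a list of findings about who can reach it."""
    report = {}
    for path in parse_swaps(text):
        st = stat_fn(path)
        findings = []
        if st.st_uid != 0:
            findings.append("owner is uid %d, not root" % st.st_uid)
        if st.st_mode & 0o007:
            findings.append("accessible to other users (mode %o)"
                            % stat.S_IMODE(st.st_mode))
        # swapon suggests 0600 for swap files; partitions commonly carry a group.
        if stat.S_ISREG(st.st_mode) and st.st_mode & 0o070:
            findings.append("swap file accessible to group")
        report[path] = findings
    return report

if __name__ == "__main__":
    with open("/proc/swaps") as fh:
        for path, findings in audit_swaps(fh.read()).items():
            print(path, "OK" if not findings else "; ".join(findings))
```

An empty findings list means only root (and, for a partition, its owning group) can open the swap area directly.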