Thursday, April 15, 2010

Exploiting a kernel NULL dereference

Hi Folks,
I am sorry for the long silence, but during this month I am very busy :(
Today I just wanna suggest this reading on Kernel Exploitation


We can demonstrate the first fact with the following program, which writes to the null_read file to force a kernel NULL dereference, but with the NULL page mapped, so that nothing goes wrong:



Writing to that file will trigger a NULL pointer dereference by the nullderef kernel module, but because it runs in the same address space as the user process, the read proceeds fine and nothing goes wrong – no kernel oops. We’ve passed the first step to a working exploit.
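The step above only works if the process is allowed to map the NULL page in the first place. The following check is an added example, not code from the original post or the article it quotes: it reads the Linux `vm.mmap_min_addr` sysctl (not mentioned in the post) and probes whether the current process may map address 0. The finding labels are this example's own.

```c
/* Added example (not from the original post): defensive probe, Linux only. */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/mman.h>

/* Read vm.mmap_min_addr, the lowest address a process may map; -1 if unreadable. */
long read_mmap_min_addr(void) {
    long v = -1;
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (!f) return -1;
    if (fscanf(f, "%ld", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Try to map one page at exactly address 0. Returns 1 if the kernel allowed
 * it (the page is unmapped again at once), 0 if refused; *err receives errno. */
int probe_null_map(int *err) {
    long psz = sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)0, (size_t)psz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) { *err = errno; return 0; }
    munmap(p, (size_t)psz);
    *err = 0;
    return 1;
}

/* Combine both observations into a finding (labels are this example's own). */
const char *classify(long min_addr, int mapped) {
    if (!mapped) return "protected";               /* kernel refused page 0 */
    if (min_addr > 0) return "privileged-bypass";  /* limit set, caller exempt */
    return "exposed";                              /* no limit in effect */
}

int main(void) {
    int err = 0;
    long min_addr = read_mmap_min_addr();
    int mapped = probe_null_map(&err);
    printf("vm.mmap_min_addr = %ld\n", min_addr);
    printf("map page 0: %s%s%s\n", mapped ? "allowed" : "refused",
           mapped ? "" : ": ", mapped ? "" : strerror(err));
    printf("finding: %s\n", classify(min_addr, mapped));
    return mapped && min_addr <= 0;   /* non-zero exit only when exposed */
}
```

A "privileged-bypass" finding means the limit is set but the calling process is exempt from it, which on Linux is the case for processes holding CAP_SYS_RAWIO.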
