On Jan 1, 5:47pm, [email protected] (Alexander Nasonov) wrote:
-- Subject: Re: jit code and securelevel

| Christos Zoulas wrote:
| > In article <20150101153259.GA2442@neva>,
| > Alexander Nasonov  <[email protected]> wrote:
| > >I don't remember seeing a policy on disabling jit code at securelevel
| > >1 or higher. Is it something we should add?
| > 
| > I am not sure that we should add it because the code it generates is tightly
| > controlled by the kernel.
| 
| On a (misconfigured) system with enhanced permissions for tcpdump or
| for some other pcap program, one can craft a special JIT code to help them
| exploit a bug in the kernel:
| 
| http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html
| 
| Function pointer of jit code is readable via kmem.

Well, it is using jit to load exploit code to the kernel, but how will
he jump to it? In the description he is using a module that lets you jump
to any location. If you have that, you can do whatever you want anyway...

christos