> What I understand from this is if code is mapped at 0 (eg by mmap(PROT_EXEC)),
> it would get executed instead of the program being killed. Although I don't
> see how this could be exploited to gain any privileges, I wonder if it can
> cause a process to loop indefinitely instead of being killed or nasty things
> like this. May be this is a stupid analysis from me, so I hope that PaX Team
> will have more precise info.
When you can inject a non canonical RIP into the stack frame you can likely
also inject other RIPs. So the whole thing is just a funny way for a program to
jump in its address space. 0 is as good as any other address for this.
The whole point of the check is just to protect the kernel/CPU against this.
What happens to the user space program itself is no concern because it is the program's
own doing.
-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]