Linux.com

Home News Software Linux Kernel Development Garrett: Subverting Security with kexec

Garrett: Subverting Security with kexec

Matthew Garrett demonstrates how to use the kexec() system call to change parameters in a running kernel. "The beauty of this approach is that it doesn't rely on any kernel bugs - it's using kernel functionality that was explicitly designed to let you do this kind of thing (ie, run arbitrary code in ring 0). There's not really any way to fix it beyond adding a new system call that has rather tighter restrictions on the binaries that can be loaded. If you're using signed modules but still permit kexec, you're not really adding any additional security."

Read more at LWN
 

Comments

Subscribe to Comments Feed

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board