Ian Lepore <freebsd <at> damnhippie.dyndns.org> writes:

> ...
> > But of interest to me is this:
> > "...
> > Text relocations are a way in which references in the executable code to
> > addresses not known at link time are solved. Basically they just write
> > the appropriate address at runtime marking the code segment writable in
> > order to change the address then unmarking it. This can be a problem as
> > an attacker could try to exploit a bug when the text relocation happens
> > in order to be able to write arbitrary code in the text segment which
> > would be executed.
> > ..."
> ...
> A kernel module is loaded and linked
> ONCE, at load time, into the kernel's address space.
> ...

From the point of view of an attacker it does not matter whether a kernel module is loaded and linked once only. That's enough to create a window of opportunity for interfering with the relocation process and modifying text (code).

jb

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable