Questions tagged [kernel]

132 questions
70 votes, 7 answers

What is the possible impact of dirtyc0w a.k.a. "Dirty COW" bug?

I heard about Dirty COW but couldn't find any decent writeup on the scope of the bug. It looks like the exploit can overwrite any non-writable file, which makes me guess that local root is possible via substitution of SUID programs. Is that right?…
d33tah
40 votes, 2 answers

What is protection ring -1?

Due to the Lenovo firmware ThinkPwn bug I'm trying to understand privileges and rings. If the kernel is Ring 0 and SMM (System Management Mode) is Ring -2, what could be in between that is Ring -1?
Thomas Weller
28 votes, 1 answer

DMA attacks despite IOMMU isolation

If you're already familiar with PCI behavior and Linux's handling of DMA buffers, skip to the third section for my actual question. Otherwise read on for a small summary of how PCI devices perform memory accesses, and how the kernel handles…
forest
28 votes, 2 answers

Methods root can use to elevate itself to kernel mode

When most Linux users hear "root", they think of the maximum possible privilege on a computer. Some even think that root runs in ring 0. But in reality, root is just a regular user running in ring 3, albeit one which the kernel trusts (many…
forest
27 votes, 4 answers

How Do Rootkits & Other Low-Level Malware Still Manage to Load on Systems Protected by Secure Boot (and TB/MB)?

Let me try asking my question this way... Let's say that I'm an offensive cyber Bad Guy working for a foreign state-sponsored Advanced Persistent Threat unit. My unit is charged with, say, stealing high-value intellectual property from American…
mostlyinformed
26 votes, 1 answer

Which attacks are known that exploit the vulnerability known as Spectre?

As reported yesterday the Linux and Windows kernels will receive a security update pretty soon to close vulnerabilities that concern 'kernel memory leaking'. What exactly the design flaw is, that was probably identified at the end of 2017, is…
Tom K.
17 votes, 3 answers

Pros and cons of disabling TCP timestamps

So, lynis informs me that I should unset net.ipv4.tcp_timestamps. I know that's a bad thing because an attacker could figure out which updates that require restarting the machine I haven't applied, or they could use it to figure out my update…
Parthian Shot
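The inference the question above alludes to, as an added example that is not part of the original post: a host that sends TCP timestamps exposes a counter that, on Linux and many other stacks, ticks at a fixed rate since boot, so an observer who records TSval against their own clock can estimate the tick rate and therefore how long the host has been up (and hence whether a reboot-requiring update was applied). The sample values are constructed; the code assumes the counter started near zero at boot and has not wrapped (32 bits, about 49 days at 1000 Hz), which newer Linux kernels defeat by randomising a per-connection offset.

```python
"""Estimate a remote host's uptime from TCP timestamp (TSval) samples.

Added example; not code from the original page. Assumes the remote TSval
counter started near zero at boot, ticks at a constant rate, and has not
wrapped. Stacks that randomise the timestamp offset defeat the estimate.
"""
from dataclasses import dataclass

# Tick rates matching the Linux CONFIG_HZ choices; used only to snap a noisy
# slope estimate onto a plausible rate.
COMMON_HZ = (100, 250, 300, 1000)


@dataclass(frozen=True)
class Sample:
    wall_time: float  # observer's own clock, seconds
    tsval: int        # TSval from the TCP timestamps option seen at wall_time


def estimate_tick_hz(samples):
    """Least-squares slope of tsval over wall_time, in ticks per second."""
    if len(samples) < 2:
        raise ValueError("need at least two samples to estimate the tick rate")
    n = len(samples)
    mean_t = sum(s.wall_time for s in samples) / n
    mean_v = sum(s.tsval for s in samples) / n
    num = sum((s.wall_time - mean_t) * (s.tsval - mean_v) for s in samples)
    den = sum((s.wall_time - mean_t) ** 2 for s in samples)
    if den == 0:
        raise ValueError("samples must span a non-zero wall-clock interval")
    return num / den


def snap_to_common_hz(hz, tolerance=0.05):
    """Return the nearest CONFIG_HZ value if within tolerance, else hz unchanged."""
    nearest = min(COMMON_HZ, key=lambda c: abs(c - hz))
    return nearest if abs(nearest - hz) <= tolerance * nearest else hz


def estimate_uptime_seconds(samples):
    """Uptime at the time of the latest sample: ticks so far / ticks per second."""
    hz = snap_to_common_hz(estimate_tick_hz(samples))
    if hz <= 0:
        raise ValueError("timestamp counter is not increasing")
    latest = max(samples, key=lambda s: s.wall_time)
    return latest.tsval / hz


def estimate_boot_time(samples):
    """Observer-clock epoch time at which the remote host booted."""
    latest = max(samples, key=lambda s: s.wall_time)
    return latest.wall_time - estimate_uptime_seconds(samples)


# Constructed samples (not a real capture): a host with a 1000 Hz timestamp
# clock that booted exactly 3 days (259200 s) before the first probe, probed
# three times 10 s apart.
CONSTRUCTED = [
    Sample(1_700_000_000.0, 259_200_000),
    Sample(1_700_000_010.0, 259_210_000),
    Sample(1_700_000_020.0, 259_220_000),
]

if __name__ == "__main__":
    hz = snap_to_common_hz(estimate_tick_hz(CONSTRUCTED))
    up = estimate_uptime_seconds(CONSTRUCTED)
    print(f"tick rate ~{hz} Hz, uptime ~{up / 86400:.2f} days, "
          f"booted at epoch {estimate_boot_time(CONSTRUCTED):.0f}")
```

With net.ipv4.tcp_timestamps unset the option is absent from the host's segments and there is no counter to sample; the trade-off is losing PAWS and the RTT measurement the option also provides, which is what the question is weighing.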
15 votes, 2 answers

Does a compromised kernel give complete control over a device?

It seems that a recent vulnerability in WiFi firmware allows an attacker to run code in kernel space, e.g. replace a kernel function with malicious code. In Android/Linux: Would that give an attacker complete control over the phone? For example,…
z0r
14 votes, 1 answer

Is anyone seeing a performance decrease after applying recent kernel patch fixing Meltdown and Spectre?

Our company has a lot of CPU intensive operations on our servers, so the performance decrease is a concern for the organization. We did the benchmarks, and it seems that performance is almost not affected. Initially it was stated that performance…
13 votes, 2 answers

Concrete real-life examples where grsecurity prevented an exploit

From a theoretical point of view, the grsecurity kernel patch looks like a great hardening tool. Most importantly, PaX seems like a good idea. Do these theoretical advantages have indeed a practical effect in preventing malware attacks/exploits/rootkits…
Martin Vegter
11 votes, 5 answers

Why protect the Linux kernel from the root user?

What's the purpose of things like the modules_disabled and kexec_load_disabled sysctls and the locking down of /dev/mem and /dev/kmem? The idea behind them seems to be to prevent root from taking over the kernel, but I'm not sure why this is useful.…
10 votes, 0 answers

Penetration-resistance of a HaLVM unikernel

A HaLVM unikernel is a Haskell program compiled with a modified version of the Glasgow Haskell Compiler to produce a standalone Xen kernel, which will boot on any Xen PV machine instance. A HaLVM unikernel thus replaces the operating system with the…
runeks
10 votes, 1 answer

What is the real-world impact of CVE-2016-0728 (Linux Kernel Vulnerability)?

Today a report emerged about another serious vulnerability in the open-source world, CVE-2016-0728. It is a local privilege escalation in Linux kernel 3.8+. What are the possible real-world exploitations, consequences and possibilities to mitigate (except…
Jakuje
9 votes, 2 answers

How effective is Windows KDP for exploit mitigation in practice?

Windows Kernel Data Protection is a kernel security feature which appears to use Extended Page Tables (EPT, a hardware virtualization feature) to enforce read-only pages. How effective is this at protecting from kernel exploits in the real world? Is…
forest
9 votes, 2 answers

How can the Magic SysRq key be dangerous for Linux users?

The magic SysRq key is known to Linux users for performing some actions when the system freezes, but it is considered a dangerous command for users who have physical access to the system: Some people view this key as giving access to dangerous…
GAD3R
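An added example covering both the "Why protect the Linux kernel from the root user?" question and the Magic SysRq question above; it is not code from the original page or from any of the posts. It audits the sysctl knobs those questions name, kernel.modules_disabled and kernel.kexec_load_disabled (both one-way: once set to 1 they cannot be cleared until reboot), and decodes the kernel.sysrq bitmask into the SysRq groups it enables, using the bit meanings from Documentation/admin-guide/sysrq.rst. The /proc/sys root is a parameter so the audit runs against a constructed tree as well as the live system; the constructed values in the demo are sample data, not taken from any real host.

```python
"""Audit the sysctl knobs that keep root (and a console user) out of the kernel.

Added example; not code from the original page. Reads a /proc/sys-style
tree whose root is a parameter, so it can run on constructed data.
"""
import tempfile
from pathlib import Path

# kernel.sysrq: 0 disables everything, 1 enables everything, any other
# value is a bitmask of these groups (Documentation/admin-guide/sysrq.rst).
SYSRQ_BITS = {
    2:   "control of console logging level",
    4:   "control of keyboard (SAK, unraw)",
    8:   "debugging dumps of processes",
    16:  "sync command",
    32:  "remount read-only",
    64:  "signalling of processes (term, kill, oom-kill)",
    128: "reboot/poweroff",
    256: "nicing of all RT tasks",
}

# One-way lockdown knobs and what leaving them at 0 still permits.
LOCKDOWN_KNOBS = {
    "kernel.modules_disabled": "root can still load kernel modules",
    "kernel.kexec_load_disabled": "root can still kexec into a replacement kernel",
}


def read_sysctl(root, name):
    """Integer value of sysctl `name` under `root`, or None if the kernel does
    not expose it (e.g. kexec_load_disabled on a kernel built without kexec)."""
    path = Path(root).joinpath(*name.split("."))
    try:
        return int(path.read_text().strip())
    except FileNotFoundError:
        return None


def decode_sysrq(value):
    """Map a kernel.sysrq value to the list of SysRq groups it enables."""
    if value == 0:
        return []
    if value == 1:
        return list(SYSRQ_BITS.values())
    return [desc for bit, desc in SYSRQ_BITS.items() if value & bit]


def audit(root="/proc/sys"):
    """Return findings: knobs that still let root or a console user reach
    into the running kernel."""
    findings = []
    for name, consequence in LOCKDOWN_KNOBS.items():
        value = read_sysctl(root, name)
        if value is None:
            findings.append(f"{name}: not exposed by this kernel")
        elif value != 1:
            findings.append(f"{name}={value}: {consequence}")
    sysrq = read_sysctl(root, "kernel.sysrq")
    if sysrq is None:
        findings.append("kernel.sysrq: not exposed by this kernel")
    else:
        for group in decode_sysrq(sysrq):
            findings.append(f"kernel.sysrq={sysrq}: enables {group}")
    return findings


def constructed_demo():
    """Run the audit over a constructed /proc/sys tree (sample data): module
    loading still allowed, kexec locked, sysrq=176 (sync, remount RO, reboot)."""
    root = Path(tempfile.mkdtemp())
    sample = {"kernel.modules_disabled": 0,
              "kernel.kexec_load_disabled": 1,
              "kernel.sysrq": 176}
    for name, value in sample.items():
        path = root.joinpath(*name.split("."))
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(f"{value}\n")
    return audit(root)


if __name__ == "__main__":
    for line in constructed_demo():
        print(line)
```

Run `audit()` with no argument to inspect the live host; an empty list means modules and kexec are locked and SysRq is fully disabled. Whether a given SysRq group is acceptable depends on who can reach the console, which is the judgement the SysRq question is asking about.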