Computer Security

Security Advisory: Problems with syscall filtering technologies on Linux
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Linux syscall filtering bypass

  CESA-2009-001 - rev 1 Linux syscall interception technologies partial bypass

From:Chris Evans <scarybeasts_(at)_gmail.com>
Date:28.01.2009
Subject:Problems with syscall filtering technologies on Linux

Hi,

There's a trick which may permit the bypassing of policies in
technologies which do syscall filtering on the Linux x86_64 kernel.

The trick is made possible by the fact that the 32-bit and 64-bit
kernel tables are different, combined with the fact that a 64-bit
process can make a 32-bit syscall and visa versa. The syscall "number"
check can get confused and permit a syscall it did not intend to.

Advisory: http://scary.beasts.org/security/CESA-2009-001.html

Blog post: http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html

Cheers
Chris
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server