Papers published
by eEye Security and the Uninformed Journal have shed a tremendous amount of light on
the subject, with the result that the latest version of the Metasploit Framework (version
3.0 as of this writing) contains kernel level exploits and payloads.
Kernel Space Considerations
A couple of things make exploitation of the kernel a bit more adventurous than exploitation
of user space programs. The first thing to understand is that while an exploit gone
awry in a vulnerable user space application may cause the vulnerable application to
crash, it is not likely to bring down the entire operating system. On the other hand, an
exploit that fails against the kernel is likely to crash the kernel, and therefore the entire
computer. In the Windows world, "blue screens" are a simple fact of life while developing
exploits at the kernel level.
The next thing to consider is what you intend to do once you have code running within
the kernel. Unlike in user space, you certainly can't do an execve and replace the current
process (the kernel in this case) with a process more to your liking. Also unlike in user
space, you will not have access to a large catalog of shared libraries from which to choose
functions that are useful to you.