Another factor that will influence the stability of the system is the state of any interrupt processing being conducted by the kernel at the time of the exploit. If the hijacked code path was executing with interrupts disabled, or at an elevated interrupt level, the payload must restore that state before it returns control; otherwise interrupts may need to be reenabled or reset cleanly before the system can continue stable operation, and failing to do so typically results in a hang or a crash rather than a usable foothold.
Ultimately, you may decide that the somewhat more forgiving environment of user space is a more desirable place to be running code, and this is exactly what many recent kernel exploits do. By scanning the kernel's process list, the payload selects a process with sufficiently high privileges (a SYSTEM or root-owned process, for example) to serve as the host for a new thread that will contain attacker-supplied code. Kernel API functions are then used to initialize and launch the new thread, which runs in the context of the selected process and therefore inherits that process's privileges. Once the thread is running, the attacker's code executes with the benefit of normal user-space error handling and a full set of user-mode APIs, while the kernel itself is left in a consistent state.
The low-level details of kernel-level exploits are beyond the scope of this book. Because this is a rapidly evolving area, however, kernel exploitation tools and techniques are likely to become more and more accessible to the average security researcher. In the meantime, the references listed next will serve as excellent starting points for those interested in more detailed coverage of the topic.
References
Barnaby Jack http://research.eeye.com/html/Papers/download/StepIntoTheRing.