Text relocations in kernel modules
jb.1234abcd at gmail.com
Wed Apr 4 17:34:31 UTC 2012
Peter Wemm <peter <at> wemm.org> writes:
> There is no way to interfere because it is done outside of user space
> entirely, **after** the file has been copied out of the file system.
> You can do whatever you like to the file, but it has no effect because
> all the relocation is done in a private kernel copy.
What if attack code (broadly understood) is part of module code, and is based
on either or both of:
- hidden (as to meaning and reloc targets) arrangement of relocations needed
- has an ability of (self) activation during load/link and *relocations* process
already under the privilege of the kernel ?
Is that possible at all ?
Would there be any protection against it (except giving up relocations as
an enabling vehicle) ?
More information about the freebsd-stable