Re: [kernel-hardening] Re: [PATCH] x86: make IDT read-only

From: H. Peter Anvin
Date: Tue Apr 09 2013 - 15:02:15 EST

Next message: suravee.suthikulpanit: "[PATCH V4] iommu/amd: Add logic to decode AMD IOMMU event flag"
Previous message: Arnd Bergmann: "Re: [PATCH 3/8] dmaengine: ste_dma40: Actually write the runtime configuration to registers"
In reply to: Eric Northup: "Re: [kernel-hardening] Re: [PATCH] x86: make IDT read-only"
Next in thread: H. Peter Anvin: "Readonly GDT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 04/09/2013 11:54 AM, Eric Northup wrote:
>
> The GDT is a problem if the address returned by 'sgdt' is
> kernel-writable - it doesn't necessarily reveal the random offset, but
> I'm pretty sure that writing to the GDT could cause privilege
> escalation.
>

That is a pretty safe assumption...

-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: suravee.suthikulpanit: "[PATCH V4] iommu/amd: Add logic to decode AMD IOMMU event flag"
Previous message: Arnd Bergmann: "Re: [PATCH 3/8] dmaengine: ste_dma40: Actually write the runtime configuration to registers"
In reply to: Eric Northup: "Re: [kernel-hardening] Re: [PATCH] x86: make IDT read-only"
Next in thread: H. Peter Anvin: "Readonly GDT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]