RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 07:38:10 +00:00
Code Issues Activity Actions

Kernel: Move select Process members into protected memory

Browse source 
Process member variable like m_euid are very valuable targets for
kernel exploits and until now they have been writable at all times.

This patch moves m_euid along with a whole bunch of other members
into a new Process::ProtectedData struct. This struct is remapped
as read-only memory whenever we don't need to write to it.

This means that a kernel write primitive is no longer enough to
overwrite a process's effective UID, you must first unprotect the
protected data where the UID is stored. :^)
This commit is contained in:
Andreas Kling 2021-03-10 19:59:46 +01:00
parent 839d2d70a4
commit cbcf891040
12 changed files with 190 additions and 130 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Kernel/Syscalls/process.cpp
View file

@ -32,7 +32,7 @@ namespace Kernel {
KResultOr<pid_t> Process::sys$getpid()
{
REQUIRE_PROMISE(stdio);
return m_pid.value();
return pid().value();
}
KResultOr<pid_t> Process::sys$getppid()