mirror of https://github.com/RGBCube/serenity synced 2025-05-15 05:54:59 +00:00
Commit graph

2 commits

Author SHA1 Message Date
Ben Wiederhake
29eceebdbf Tests: Build automatically, fix compilation errors 2020-08-02 17:15:36 +02:00
Andreas Kling
c6e552ac8f Kernel+LibELF: Don't blindly trust ELF symbol offsets in symbolication
It was possible to craft a custom ELF executable that when symbolicated
would cause the kernel to read from user-controlled addresses anywhere
in memory. You could then fetch this memory via /proc/PID/stack.

We fix this by making ELFImage hand out StringView rather than raw
const char* for symbol names. In case a symbol offset is outside the
ELF image, you get a null StringView. :^)

Test: Kernel/elf-symbolication-kernel-read-exploit.cpp
2020-01-16 22:11:31 +01:00
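
The fix described in commit c6e552ac8f, sketched as an added example that is not SerenityOS code: a string-table lookup that returns a null view when the name offset, or the name's terminator, falls outside the image. `Image`, `symbol_name` and the sample bytes are hypothetical, and `std::string_view` stands in for the StringView the commit message mentions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string_view>

// Hypothetical stand-in for a loaded ELF image (not SerenityOS's ELFImage).
struct Image {
    const char* base;
    size_t size;
};

// Look up a NUL-terminated name in the string table at strtab_offset.
// Returns a null view (data() == nullptr) unless the whole name, including
// its terminator, lies inside the image.
std::string_view symbol_name(const Image& image, size_t strtab_offset, uint32_t name_offset)
{
    if (strtab_offset >= image.size)
        return {};
    size_t table_size = image.size - strtab_offset;
    if (name_offset >= table_size)
        return {}; // offset taken from the file points outside the image
    const char* start = image.base + strtab_offset + name_offset;
    size_t max_length = table_size - name_offset;
    // Bounded search: never scan past the end of the image for the NUL.
    const void* terminator = std::memchr(start, '\0', max_length);
    if (!terminator)
        return {};
    return { start, static_cast<size_t>(static_cast<const char*>(terminator) - start) };
}

// Constructed sample string table: "", "main", "kmalloc" (14 bytes).
static const char sample_table[] = "\0main\0kmalloc";

int main()
{
    Image image { sample_table, sizeof(sample_table) };
    uint32_t offsets[] = { 1, 6, 0xdeadbeef }; // last one is out of bounds
    for (uint32_t offset : offsets) {
        std::string_view name = symbol_name(image, 0, offset);
        if (name.data())
            std::printf("%u -> %.*s\n", (unsigned)offset, (int)name.size(), name.data());
        else
            std::printf("%u -> (null)\n", (unsigned)offset);
    }
    return 0;
}
```

A caller that formats a stack trace has to check for the null view and fall back to printing the raw address instead of dereferencing the name.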