RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2026-01-21 09:11:00 +00:00
Code Issues Activity Actions
serenity/Tests/Kernel
History
Andreas Kling fe9680f0a4 Kernel: Validate PROT_READ and PROT_WRITE against underlying file 
This patch fixes some issues with the mmap() and mprotect() syscalls,
neither of whom were checking the permission bits of the underlying
files when mapping an inode MAP_SHARED.

This made it possible to subvert execution of any running program
by simply memory-mapping its executable and replacing some of the code.

Test: Kernel/mmap-write-into-running-programs-executable-file.cpp
2020-01-07 19:32:32 +01:00
..
mmap-write-into-running-programs-executable-file.cpp Kernel: Validate PROT_READ and PROT_WRITE against underlying file 2020-01-07 19:32:32 +01:00
uaf-close-while-blocked-in-read.cpp Kernel: Make Process::file_description() vend a RefPtr<FileDescription> 2020-01-07 15:53:42 +01:00