On 05/01/2019 22:22, Shachar Shemesh wrote:

> Since the above completely describes what the loader does to an executable file, I don't see how mprotect can be used there either.


So, I decided to check my assumptions. Sure enough, it seems that the loader is using a private mapping when mapping the executables into memory. If that's the case, then you should, indeed, be able to use mprotect to change the permissions, and change the executable code.


Please note, however, that this will not change the data on file or for any other process mapping the same section. It will only change your process' view of the file. As such, this is not a security problem.


If, for whatever reason, you don't want that to happen, you can modify the loader (source is in glibc) to use MAP_SHARED when mapping the file. This will attack this "attack" vector. This will, most probably, also prevent gdb from setting breakpoints in your system.


Also, please note that if the aim is to only allow a process to execute its predetermined code then this is a futile move. The process can still mmap a new memory segment and write whatever it wants there.


Shachar

_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
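As an added illustration of the private-versus-shared point made in the message above (this is constructed example code, not from the post or from glibc), the program below maps a scratch file first MAP_PRIVATE and then MAP_SHARED, uses mprotect() to gain write access the way a process could on the loader's text mapping, writes through the mapping, and then reads the file back to see whether the byte on disk changed:

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Create a scratch file holding "ORIGINAL", map it read-only with the given
 * mmap flags, use mprotect() to make the page writable, overwrite the first
 * byte through the mapping, and report whether the byte on disk changed.
 * Returns 1 if the file changed, 0 if only this process' view changed,
 * -1 on error. */
static int write_through_mapping(int map_flags)
{
    char path[] = "/tmp/mapdemo-XXXXXX";          /* constructed scratch file */
    const char pattern[] = "ORIGINAL";
    int fd = mkstemp(path);                         /* opened O_RDWR */
    if (fd < 0) return -1;
    unlink(path);                                   /* removed once fd is closed */
    if (write(fd, pattern, sizeof pattern) != (ssize_t)sizeof pattern) { close(fd); return -1; }

    long page = sysconf(_SC_PAGESIZE);
    char *map = mmap(NULL, (size_t)page, PROT_READ, map_flags, fd, 0);
    if (map == MAP_FAILED) { close(fd); return -1; }

    /* Starts read-only, like the loader's text mapping; the process then asks
     * for write access. On MAP_PRIVATE this gives a private copy-on-write
     * page; on MAP_SHARED the write reaches the file itself. */
    if (mprotect(map, (size_t)page, PROT_READ | PROT_WRITE) != 0) {
        munmap(map, (size_t)page); close(fd); return -1;
    }
    map[0] = 'X';
    msync(map, (size_t)page, MS_SYNC);              /* flush if shared; harmless if private */

    char back[sizeof pattern];
    ssize_t n = pread(fd, back, sizeof back, 0);    /* read the file, not the mapping */
    munmap(map, (size_t)page);
    close(fd);
    if (n != (ssize_t)sizeof back) return -1;
    return back[0] == 'X';
}

int main(void)
{
    printf("MAP_PRIVATE: file changed? %d\n", write_through_mapping(MAP_PRIVATE)); /* 0 */
    printf("MAP_SHARED:  file changed? %d\n", write_through_mapping(MAP_SHARED));  /* 1 */
    return 0;
}
```

Note that mprotect() refuses to add PROT_WRITE to a MAP_SHARED mapping of a file descriptor that was opened read-only (it fails with EACCES), which is why the shared case only writes through here because mkstemp() opened the scratch file read-write.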