Muli Ben-Yehuda's journal

April 26, 2005

catching up on my reading

Filed under: Uncategorized — Muli Ben-Yehuda @ 2:15 PM

Current reading: Linux 2.6.x vsyscalls may be used as powerful attack vectors. The basic premise of this paper is that since each process has the vsyscall code mapped into its address space, and the vsyscall code is almost never changed, if you can figure a way to jmp to it from your shell code you can use various instructions there (or data bytes masquerading as instructions) to aid your shell code. Makes sense, and the usual solutions apply – for example, randomization of the vsyscall page.

Blog at