System call interposition allows the kernel security model to be extended. However, when combined with current operating systems, it is open to concurrency vulnerabilities leading to privilege escalation and audit bypass. We discuss the theory and practice of system call wrapper concurrency vulnerabilities, and demonstrate exploit techniques against GSWTK, Systrace, and CerbNG.
Paper (PDF) by Robert N. M. Watson of the Computer Laboratory, University of Cambridge.
Also see his slides (PDF) from USENIX WOOT 07.