[rsbac] Protecting secoff from malicious root

Amon Ott rsbac@rsbac.org
Mon Apr 8 10:47:01 2002

On Sunday, 3. March 2002 19:47, Rafal Wojtczuk wrote:
> OK, but we must remember that if an attacker can force a privileged process
> to run a machine code injected by the attacker (note I avoided the word
> "shellcode"), the attacker doesn't need to execute anything to take full
> advantage of the process' privileges.

Rethought that. To get your code executed, you have to map the memory segment 
as executable, which results in a MAP_EXEC (EXECUTE on <1.2.0) on target 
NONE. You could try to deny these requests on server programs. Unfortunately, 
even init does map such code without corresponding file...
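
To judge how many programs such a deny rule would break, an administrator can list which processes already hold executable mappings with no backing file. The following is an added example, not part of the original message and not RSBAC code. It assumes the Linux `/proc/<pid>/maps` line format and treats inode 0 as "no corresponding file"; the function names and the sample listing are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not taken from a real host). */
static const char SAMPLE_MAPS[] =
    "08048000-0804c000 r-xp 00000000 03:01 12345      /sbin/init\n"
    "0804c000-0804d000 rw-p 00004000 03:01 12345      /sbin/init\n"
    "40000000-40001000 rwxp 00000000 00:00 0\n"
    "bfffe000-c0000000 rwxp 00000000 00:00 0          [stack]\n"
    "ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]\n";

/* 1: executable mapping with no backing file, 0: anything else, -1: unparsable. */
int is_anon_exec(const char *line)
{
    unsigned long long start, end, offset, inode;
    char perms[8] = "", dev[16], path[256] = "";
    int n = sscanf(line, "%llx-%llx %7s %llx %15s %llu %255[^\n]",
                   &start, &end, perms, &offset, dev, &inode, path);
    if (n < 6 || strlen(perms) != 4)
        return -1;
    if (perms[2] != 'x' || inode != 0)
        return 0;
    /* [vdso] and [vsyscall] are set up by the kernel, not requested by the process. */
    if (!strcmp(path, "[vdso]") || !strcmp(path, "[vsyscall]"))
        return 0;
    return 1;
}

/* Count flagged lines in a whole maps listing held in memory. */
int count_anon_exec(const char *maps)
{
    int hits = 0;
    while (*maps) {
        char line[512];
        size_t len = strcspn(maps, "\n");
        size_t copy = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps, copy);
        line[copy] = '\0';
        if (is_anon_exec(line) == 1)
            hits++;
        maps += len + (maps[len] == '\n');
    }
    return hits;
}

int main(void)
{
    printf("anonymous executable mappings in sample: %d\n",
           count_anon_exec(SAMPLE_MAPS));
    return 0;
}
```

Feeding it the contents of each `/proc/<pid>/maps` on a test system shows which server programs would need an exception before such requests are denied.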