serenity/Kernel
Andreas Kling 6bfbc5f5f5 Kernel: Don't allow modifying IOPL via sys$ptrace() or sys$sigreturn()
It was possible to overwrite the entire EFLAGS register since we didn't
do any masking in the ptrace and sigreturn syscalls.

This made it trivial to gain IO privileges by raising IOPL to 3 and
then you could talk to hardware to do all kinds of nasty things.

Thanks to @allesctf for finding these issues! :^)

Their exploit/write-up: https://github.com/allesctf/writeups/blob/master/2020/hxpctf/wisdom2/writeup.md
2020-12-22 19:38:25 +01:00
ACPI Kernel: Workaround QEMU bug and initialize i8042 controller 2020-12-18 10:02:14 +01:00
API Kernel: Move InodeWatcher::Event into Kernel/API/InodeWatcherEvent 2020-12-14 23:05:53 +01:00
Arch Kernel: Don't allow modifying IOPL via sys$ptrace() or sys$sigreturn() 2020-12-22 19:38:25 +01:00
Devices Kernel: Introduce the new Storage subsystem 2020-12-21 00:19:21 +01:00
FileSystem Kernel: Allow sys$chmod() to modify the set-gid bit 2020-12-22 17:48:42 +01:00
Heap Kernel: Defer kmalloc heap contraction 2020-11-04 21:21:37 +01:00
Interrupts Kernel: Allow to install a real IRQ handler on a spurious one 2020-12-21 00:19:21 +01:00
Modules
Net Kernel/Net: Support all E1000 devices in the spec sheet 2020-12-22 14:44:11 +01:00
PCI Kernel/PCI: Add a bunch of debug output to accessors 2020-12-22 09:24:48 +01:00
Storage Kernel: Introduce the StorageManagement class 2020-12-21 00:19:21 +01:00
Syscalls Kernel: Don't allow modifying IOPL via sys$ptrace() or sys$sigreturn() 2020-12-22 19:38:25 +01:00
Tasks Kernel: Fix some issues related to fixes and block conditions 2020-12-12 21:28:12 +01:00
Time Kernel: Improve time keeping and dramatically reduce interrupt load 2020-12-21 18:26:12 +01:00
TTY Everywhere: Switch from (void) to [[maybe_unused]] (#4473) 2020-12-21 00:09:48 +01:00
VM Kernel: Don't skip if found free page to allocate from a super region 2020-12-21 00:15:58 +01:00
.gitignore
Assertions.h Everywhere: Switch from (void) to [[maybe_unused]] (#4473) 2020-12-21 00:09:48 +01:00
CMakeLists.txt Kernel: Introduce the StorageManagement class 2020-12-21 00:19:21 +01:00
CMOS.cpp
CMOS.h
CommandLine.cpp Meta+Kernel: Make clang-format-10 clean 2020-09-25 21:18:17 +02:00
CommandLine.h Kernel: Copy command line to a safe place 2020-08-25 09:48:48 +02:00
Console.cpp Meta+Kernel: Make clang-format-10 clean 2020-09-25 21:18:17 +02:00
Console.h Kernel: Make copy_to/from_user safe and remove unnecessary checks 2020-09-13 21:19:15 +02:00
CoreDump.cpp Kernel: Abort core dump generation if any substep fails 2020-12-22 10:09:41 +01:00
CoreDump.h Kernel: Abort core dump generation if any substep fails 2020-12-22 10:09:41 +01:00
DoubleBuffer.cpp Kernel: Move block condition evaluation out of the Scheduler 2020-11-30 13:17:02 +01:00
DoubleBuffer.h Kernel: Move block condition evaluation out of the Scheduler 2020-11-30 13:17:02 +01:00
Forward.h Kernel: Generate a coredump file when a process crashes 2020-12-14 23:05:53 +01:00
init.cpp Kernel: Introduce the StorageManagement class 2020-12-21 00:19:21 +01:00
IO.h
KBuffer.h Kernel: Add KBuffer::try_create_with_bytes() 2020-12-18 19:22:26 +01:00
KBufferBuilder.cpp Kernel: Move KBufferBuilder to the fallible KBuffer API 2020-12-18 19:22:26 +01:00
KBufferBuilder.h Kernel: Move KBufferBuilder to the fallible KBuffer API 2020-12-18 19:22:26 +01:00
kprintf.cpp
KResult.h Meta+Kernel: Make clang-format-10 clean 2020-09-25 21:18:17 +02:00
kstdio.h
KSyms.cpp Kernel: Move KBufferBuilder to the fallible KBuffer API 2020-12-18 19:22:26 +01:00
KSyms.h
linker.ld
Lock.cpp Kernel: Fix Lock race causing infinite spinning between two threads 2020-12-16 23:38:17 +01:00
Lock.h Kernel: Fix Lock race causing infinite spinning between two threads 2020-12-16 23:38:17 +01:00
LockMode.h Kernel: Fix Lock race causing infinite spinning between two threads 2020-12-16 23:38:17 +01:00
mkmap.sh
Module.h
Multiboot.h
PerformanceEventBuffer.cpp Kernel: Use fallible KBuffer API in PerformanceEventBuffer 2020-12-19 10:23:12 +01:00
PerformanceEventBuffer.h Kernel: Use fallible KBuffer API in PerformanceEventBuffer 2020-12-19 10:23:12 +01:00
PhysicalAddress.h Meta+Kernel: Make clang-format-10 clean 2020-09-25 21:18:17 +02:00
Process.cpp Kernel: Abort core dump generation if any substep fails 2020-12-22 10:09:41 +01:00
Process.h Kernel: Move KBufferBuilder to the fallible KBuffer API 2020-12-18 19:22:26 +01:00
ProcessGroup.cpp Kernel: Move block condition evaluation out of the Scheduler 2020-11-30 13:17:02 +01:00
ProcessGroup.h Kernel: Move block condition evaluation out of the Scheduler 2020-11-30 13:17:02 +01:00
Profiling.cpp
Profiling.h
Ptrace.cpp Kernel: Don't allow modifying IOPL via sys$ptrace() or sys$sigreturn() 2020-12-22 19:38:25 +01:00
Ptrace.h Meta+Kernel: Make clang-format-10 clean 2020-09-25 21:18:17 +02:00
Random.cpp Kernel: Fix some issues related to fixes and block conditions 2020-12-12 21:28:12 +01:00
Random.h LibCrypto: Require intent parameter in CTR constructor 2020-11-29 20:22:56 +01:00
RTC.cpp Kernel: Minor tweak to now() computation 2020-08-26 08:52:07 +02:00
RTC.h
Scheduler.cpp Kernel: Improve time keeping and dramatically reduce interrupt load 2020-12-21 18:26:12 +01:00
Scheduler.h Kernel: Fix some issues related to fixes and block conditions 2020-12-12 21:28:12 +01:00
SharedBuffer.cpp Kernel: Fix SharedBuffer reference counting on fork 2020-11-24 21:26:39 +01:00
SharedBuffer.h Kernel: Fix SharedBuffer reference counting on fork 2020-11-24 21:26:39 +01:00
SpinLock.h Kernel: Minor SpinLock improvements 2020-11-11 12:27:25 +01:00
StdLib.cpp Kernel: Make copy_to/from_user safe and remove unnecessary checks 2020-09-13 21:19:15 +02:00
StdLib.h Kernel: Add checks for is_trivially_copyable to copy_to/from_user 2020-10-02 15:38:07 +02:00
Syscall.cpp Kernel: Don't allow modifying IOPL via sys$ptrace() or sys$sigreturn() 2020-12-22 19:38:25 +01:00
Thread.cpp Kernel: Improve time keeping and dramatically reduce interrupt load 2020-12-21 18:26:12 +01:00
Thread.h Kernel: Improve time keeping and dramatically reduce interrupt load 2020-12-21 18:26:12 +01:00
ThreadBlockers.cpp Kernel: Change wait blocking to Process-only blocking 2020-12-12 21:28:12 +01:00
ThreadTracer.cpp
ThreadTracer.h
TimerQueue.cpp Kernel: Improve time keeping and dramatically reduce interrupt load 2020-12-21 18:26:12 +01:00
TimerQueue.h Kernel: Improve time keeping and dramatically reduce interrupt load 2020-12-21 18:26:12 +01:00
UnixTypes.h Kernel: Improve time keeping and dramatically reduce interrupt load 2020-12-21 18:26:12 +01:00
UserOrKernelBuffer.cpp AK: Add StringBuilder::appendff using the new format. 2020-09-22 15:06:40 +02:00
UserOrKernelBuffer.h FileSystem: Use OutputMemoryStream instead of BufferStream. 2020-09-15 20:36:45 +02:00
VirtualAddress.h Meta+Kernel: Make clang-format-10 clean 2020-09-25 21:18:17 +02:00
WaitQueue.cpp Kernel: Fix Lock race causing infinite spinning between two threads 2020-12-16 23:38:17 +01:00
WaitQueue.h Kernel: Fix Lock race causing infinite spinning between two threads 2020-12-16 23:38:17 +01:00