serenity/Kernel/Arch
Andreas Kling 6bfbc5f5f5 Kernel: Don't allow modifying IOPL via sys$ptrace() or sys$sigreturn()
It was possible to overwrite the entire EFLAGS register since we didn't
do any masking in the ptrace and sigreturn syscalls.

This made it trivial to gain IO privileges by raising IOPL to 3 and
then you could talk to hardware to do all kinds of nasty things.

Thanks to @allesctf for finding these issues! :^)

Their exploit/write-up: https://github.com/allesctf/writeups/blob/master/2020/hxpctf/wisdom2/writeup.md
2020-12-22 19:38:25 +01:00
i386 Kernel: Don't allow modifying IOPL via sys$ptrace() or sys$sigreturn() 2020-12-22 19:38:25 +01:00
PC AK: Rename KB, MB, GB to KiB, MiB, GiB 2020-08-16 16:33:28 +02:00