Monday, September 4, 2017

operating systems - Will applications running in root mode be able to overwrite OS's or other program's memory section?



I read here that any application running in root mode can issue a kernel call and execute in kernel mode. Is is possible that ANY application running in root mode can make a kernel call, go to kernel mode and tamper other program's memory area or mess with the operating system's memory section, cos almost all the tutorial's I find say's that kernel mode gives COMPLETE ACCESS to my hardware, and if it is this way wouldn't that be a great security flaw where the program just after acquiring the root level access would have access to any memory location on RAM/DISK ?

(I have Linux in my mind while I ask this question)

EDIT:
Well i am rreally convinced about the fact that in linux the memory is completely exposed, can someone explain if it is the same way in Windows and Unix


Answer




Yes, it's certainly possible - many Linux systems even expose memory via the two device files /dev/mem (for physical memory) and /dev/kmem (for virtual memory). You can access the kernel's virtual address space via /proc/kcore. Of course, it's not recommended to write to these devices, as you could easily trash your system.



I'm not sure why this could be considered a security issue, though - you generally have to be root to write to these devices, and if you have root access, you can already do anything you want.


No comments:

Post a Comment

hard drive - Leaving bad sectors in unformatted partition?

Laptop was acting really weird, and copy and seek times were really slow, so I decided to scan the hard drive surface. I have a couple hundr...