I read here that any application running in root mode can issue a kernel call and execute in kernel mode. Is is possible that ANY application running in root mode can make a kernel call, go to kernel mode and tamper other program's memory area or mess with the operating system's memory section, cos almost all the tutorial's I find say's that kernel mode gives COMPLETE ACCESS to my hardware, and if it is this way wouldn't that be a great security flaw where the program just after acquiring the root level access would have access to any memory location on RAM/DISK ?
(I have Linux in my mind while I ask this question)
EDIT:
Well i am rreally convinced about the fact that in linux the memory is completely exposed, can someone explain if it is the same way in Windows and Unix
Answer
Yes, it's certainly possible - many Linux systems even expose memory via the two device files /dev/mem (for physical memory) and /dev/kmem (for virtual memory). You can access the kernel's virtual address space via /proc/kcore. Of course, it's not recommended to write to these devices, as you could easily trash your system.
I'm not sure why this could be considered a security issue, though - you generally have to be root to write to these devices, and if you have root access, you can already do anything you want.
No comments:
Post a Comment