The app is initially not launched for root. This means its address space is not for root, so in the worst case, where code was injected, it will only be executed for the non-root user.
What do you mean by "address space is not root"? It is the kernel which ensures access control through the ACL mechanism, as any reads/writes are directed through the kernel. There are ways to bypass this, but let's ignore that for now (it involves hardware backdoors, etc.; other members can elaborate more since I am not really qualified to talk about these things). What a buffer overflow gives you is a chance to execute malicious code. Using it you can use unpatched vulnerabilities in the OS to gain elevated access.
Very detailed, thanks very much.
Well, what I mean by "address space not root" is that an affected app which is launched for a non-root user can access the address space of a root app to write some code, therefore this code can be executed as root; however, the segfault solves this error. That's what I said.
That's not how it works. First of all, you need elevated privileges to access the address space of other processes, so you can't do it the other way as you hinted. Also, it's not the segfault which prevents it. Each process is given a virtual address space which is mapped to physical memory (the RAM chip) by the OS. So two processes can share the same virtual address and they can point to different things at the same time. Kernels allow you to access virtual address spaces, but it is usually behind elevated access; for example, in Windows there is ReadProcessMemory(). The area to be read has to be accessible, that is, it should have PROCESS_VM_READ. You can read about it here: https://learn.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights
That's actually shocking (two different processes share the same virtual address).