undefined | Better HN

0 pointsanthk17d ago0 comments

How can I exploit an unloaded module?

0 comments

... by loading it? There are many ways to get the kernel to suck in a module you can then bang on over sysfs or whatever API it presents. You can have a local exploit in a binary with CAP_SYS_MODULE, subsystems can be fooled into passing uncooked strings to modprobe, users can be fooled into dropping junk into /etc/modprobe.d (instructions for doing so are pervasive in the embedded world and most users think this stuff is safe), etc...

This kind of chicanery is the vanilla pudding of the hacker world. It's everywhere. Suffice it to say that you're simply wrong: NO, it's never OK to argue a subsystem is safe because you personally think it can't be loaded. It 100% can be, that's the easy part.

anthkOP17d ago

>users can be fooled into dropping junk into /etc/modprobe.d (instructions for doing so are pervasive in the embedded world and most users think this stuff is safe), etc...

Not an issue for AX25 per se.

If you can fool an user to run root instructions, it's game over, period.

pixl9717d ago

There is a difference between running any instructions and an instruction that would otherwise be considered safe.

j / k navigate · click thread line to collapse