Accessing /dev/kmem on x86_64 (2.6.5)
From: Josef Moellers (josef.moellers_at_fujitsu-siemens.com)
Date: 10/14/05
Date: Fri, 14 Oct 2005 14:18:44 +0200
Hi,
I've read some of the discussion about the security problems concerning
/dev/kmem. I need it but can't even read from it, let alone write to it.
I'd like to plant an invalid instruction (ud2, code 0xf 0xb) in some
part of kernel code (the nmi handler) and cause a crash dump to be
written (that rules out using /proc/kcore, as it is read-only!)
However, although I correctly lseek to an address obtained from
searching /proc/kallsyms (lseek does indeed return that address), read()
always returns 0 when I access an address in kernel virtual space!
To read it, I
(devmem is /dev/kmem, caddr is "high_memory" == 0xffffffff80523cb8)
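    mem = open(devmem, O_RDONLY);   /* descriptor used by the calls below */
    lseek(mem, caddr, SEEK_SET);    /* returns caddr */
    read(mem, buffer, thisturn);    /* returns 0 for kernel virtual addresses */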
Am I missing something?
When I read an address in the process' address space (e.g. 0x400000), I
get data:
00400000: 7f 45 4c 46 |.ELF|
Josef
-- 
Josef Möllers (penguin keeper at FSC)
    If failure had no penalty success would not be a prize
                                            -- T. Pratchett