Open datawolf opened 9 years ago
Hello, it is very likely that the newer versions of the kernel make that page non writable which would explain that. I am a little busy currently but when I get time I will investigate.
Did anyone ever find a solution to this issue?
If from user space I do:

    asm volatile (
        "ldr r7, =0xb0000000\n\t"
        "mov r0, #0\n\t"
        "svc 0\n\t"
    );

I get a SIGSEGV "obsolete system call".
So if I change vector at 0x00000008 how can I trigger it from user space?
This is 6 years old, but for the future generations:
This won't work on anything newer than armv7, look at this commit. The blogpost runs this under the versatile Debian build, which implies either versatilepb or versatileab qemu systems, which are armv5t/armv6.
That said, this should still work today.
First, I insert the module like this:

    insmod ./vulnmod.ko
    mknod /dev/dummyd c 1337 1
    chmod a+rw /dev/dummyd

When I execute the script './expoit.py', I get an error like this:

    [ 191.801430] Unable to handle kernel paging request at virtual address ffff0020
    [ 191.808647] pgd = c5460000
    [ 191.811390] [ffff0020] pgd=af7fd821, pte=af7fe5df, *ppte=af7fe67e

My kernel version is 3.10 stable (arm). Has the kernel fixed this?
Thanks!