Closed Myldero closed 2 weeks ago
When run with MAP_FIXED, MemSpace::map has no limits to where a page is requested. Furthermore, it will always unmap any pre-existing page. This means that a user can hijack kernel pages (and thus execution) with mmap or the ELF parser.
MAP_FIXED
MemSpace::map
mmap
I seem to have fixed it in the past on the cleanup branch. Thus this issue will be closed when the PR is merged
cleanup
llenotre
commented
3 months ago
When run with
MAP_FIXED,MemSpace::maphas no limits to where a page is requested. Furthermore, it will always unmap any pre-existing page. This means that a user can hijack kernel pages (and thus execution) withmmapor the ELF parser.