Executing user space code in kernel space

I noticed that in kernel mode it is possible to read / write from / to some application memory (whose context I am in), but CANNOT execute user-space code.

I'm guessing it has something to do with the kernel code segment (limit and granularity). Is there a way to execute user-space addresses? I know this violates the Linux security model and so on; I just wonder, out of my own curiosity, whether it is possible to trick the Linux kernel into executing user-space code.

2 answers


A user-space program has its own virtual address space (< 0xC0000000), and it is not possible to execute such a program from kernel space (> 0xC0000000). You should probably look at the user-helper API (calling user-space applications from the kernel) and Linux interprocess communication (IPC): kernel sockets, shared memory and signals. Networking tools use IPC (kernel sockets) for communication. Drivers use the user-helper API to notify user space of some events. If you are curious about how to work with a user-space binary program, you can look at the Linux kernel module UPROBE (uprobes can parse user-space binaries and edit user-space instructions).





Assuming Linux on x86 systems, 32-bit (since the OP did not provide this information):

The kernel is visible from every process, and while in a particular process context the kernel can read and write any memory address that the process has mapped into memory. This also means that a call can be made to execute some code below the 0xc0000000 mark (for 32-bit Linux), provided that:

  • The code does not issue system calls.
  • The kernel locks the memory that the code resides in and the data it uses, so that there will be no page faults when the code is executed.
  • If the kernel uses the NX feature to mark pages as non-executable, it must un-mark the pages where the code to be executed resides.
  • The code does not throw any other exceptions, such as division by zero.
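Whether the conditions in this answer are even sufficient depends on the CPU, not only on the kernel: the NX bit the answer mentions is a hardware feature, and x86 processors that support SMEP (Supervisor Mode Execution Prevention) fault on any kernel-mode instruction fetch from a user-accessible page once the kernel enables it, which makes the scenario in the question fail regardless of NX. The following C program is an added check, not code from either answer; it assumes a GCC- or Clang-compatible compiler with `<cpuid.h>` on x86 and reads CPUID to report whether NX, SMEP and SMAP are supported, so a defender can confirm which of these protections the hardware offers. Whether the kernel has actually turned them on is a separate question (the CR4 bits); Linux lists the features it sees in the `flags` line of `/proc/cpuinfo`.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Hardware features that decide whether kernel mode can run or touch user pages. */
struct exec_protections {
    int nx;   /* NX/XD: pages can be marked non-executable              (CPUID.80000001H:EDX[bit 20])      */
    int smep; /* SMEP: kernel-mode instruction fetch from a user page faults (CPUID.(EAX=7,ECX=0):EBX[bit 7])  */
    int smap; /* SMAP: kernel-mode data access to a user page faults       (CPUID.(EAX=7,ECX=0):EBX[bit 20]) */
};

/* Pure decoder: takes the two raw registers so the bit positions can be checked
 * against constructed values without depending on the host CPU. */
struct exec_protections decode_protections(uint32_t ext_edx, uint32_t leaf7_ebx)
{
    struct exec_protections p;
    p.nx   = (int)((ext_edx   >> 20) & 1u);
    p.smep = (int)((leaf7_ebx >>  7) & 1u);
    p.smap = (int)((leaf7_ebx >> 20) & 1u);
    return p;
}

/* Queries the running CPU. Returns 0 on success; -1 when not on x86 or when the
 * CPUID leaves are unavailable (very old CPUs), in which case *out is all zero. */
int query_protections(struct exec_protections *out)
{
    out->nx = out->smep = out->smap = 0;
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    uint32_t ext_edx, leaf7_ebx;

    /* Extended leaf 0x80000001 carries the NX bit; __get_cpuid checks the max leaf. */
    if (!__get_cpuid(0x80000001u, &eax, &ebx, &ecx, &edx))
        return -1;
    ext_edx = edx;

    /* Structured extended feature leaf 7, subleaf 0 carries SMEP and SMAP. */
    if (!__get_cpuid_count(7u, 0u, &eax, &ebx, &ecx, &edx))
        return -1;
    leaf7_ebx = ebx;

    *out = decode_protections(ext_edx, leaf7_ebx);
    return 0;
#else
    return -1;
#endif
}

/* Verdict on the question above for a given feature set (string literals only). */
const char *verdict(const struct exec_protections *p)
{
    if (p->smep)
        return "SMEP supported: with CR4.SMEP set, kernel-mode execution of user pages faults whatever the page's NX state";
    if (p->nx)
        return "No SMEP: user pages are executable from kernel mode unless the kernel marks them NX";
    return "Neither SMEP nor NX: nothing in hardware stops kernel-mode execution of user pages";
}

int main(void)
{
    struct exec_protections p;
    if (query_protections(&p) != 0) {
        puts("CPUID leaves not available on this platform");
        return 1;
    }
    printf("NX=%d SMEP=%d SMAP=%d\n%s\n", p.nx, p.smep, p.smap, verdict(&p));
    return 0;
}
```

The decoder is kept separate from the CPUID call so the bit positions can be checked with constructed register values; `query_protections` only reports what the CPU advertises, and a kernel may still leave a supported feature disabled.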