Linux

Code search ⋅ search.

Writing kernel exploits.

Kmalloc Internals.

Gu1's Website - Bypass screensaver/locker program on xorg 1.11 and up. By Gu1 on 19/01/2012 at 01:04. Tags: low-tech hack, xorg.

Peter Hutterer, an X.org developer, posted an interesting article about this.

Hi, I recently stumbled upon a funny bug^Wfeature in the Xorg server that could allow attackers with physical access to a machine to bypass the screensaver/screen locker program.

Most people use those programs to lock their computer when they are away. On Gnome, gnome-screensaver is responsible for this. On KDE, kscreenlocker is. All these tools work more or less the same way: they create a new fullscreen X window, raise it on top of the window stack and grab all mouse and keyboard events.

I will try to describe what I understand from the bug, but keep in mind I'm no X11 expert. A few years ago, a special keybinding was introduced to "kill" windows that grabbed the mouse/keyboard (mostly for testing/debug purposes?). This API allowing to disable the keybinding per application was removed in 2008 with the XFree86-Misc extension (commit here and here).

Census | The Linux kernel memory allocators from an exploitation perspective.

In anticipation of Dan Rosenberg’s talk on exploiting the Linux kernel’s SLOB memory allocator at the Infiltrate security conference and because I recently had a discussion with some friends about the different kernel memory allocators in Linux, I decided to write this quick introduction.

I will present some of the allocators’ characteristics and also provide references to public work on exploitation techniques. At the time of this writing, the Linux kernel has three different memory allocators in the official code tree, namely SLAB, SLUB and SLOB. These allocators are on a memory management layer that is logically on top of the system’s low level page allocator and are mutually exclusive (i.e. you can only have one of them enabled/compiled in your kernel). They are used when a kernel developer calls kmalloc() or a similar function. Unsurprisingly, they can all be found in the mm directory. Let’s take a look at the slabs of a recent Linux kernel:

[PDF] slob exploitation.