[Info-vax] Malware in kernel mode, was: Re: Android development Was Re: OT: Larry Ellison takes retirement as CEO of Oracle
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Thu Sep 25 13:17:51 EDT 2014
On 2014-09-24, Johnny Billquist <bqt at softjar.se> wrote:
> On 2014-09-24 19:19, Simon Clubley wrote:
>>
>> In this example, the data in the buffer would be executed as code and as
>> VMS is a monolithic kernel all the peripheral address space is mapped in
>> while in kernel mode.
>>
>> This means the code would basically be running as bare metal code while
>> in fully privileged kernel mode and could do whatever it wanted to the
>> attached peripherals.
>>
>> If the code was VMS aware, it could further hook itself into some VMS
>> kernel module.
>
> The code better be VMS-aware, or it most likely will not get anywhere.
>
Actually, I called it bare metal code for a reason as there's nothing
to stop it from (for example) trashing any directly attached storage
without needing to know anything about VMS.
It would do this by directly writing to the hardware registers as
the way you access the hardware is the same regardless of operating
system.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list