[Info-vax] Malware in kernel mode, was: Re: Android development Was Re: OT: Larry Ellison takes retirement as CEO of Oracle

Johnny Billquist bqt at softjar.se
Fri Sep 26 08:05:04 EDT 2014


On 2014-09-25 19:17, Simon Clubley wrote:
> On 2014-09-24, Johnny Billquist <bqt at softjar.se> wrote:
>> On 2014-09-24 19:19, Simon Clubley wrote:
>>>
>>> In this example, the data in the buffer would be executed as code and as
>>> VMS is a monolithic kernel all the peripheral address space is mapped in
>>> while in kernel mode.
>>>
>>> This means the code would basically be running as bare metal code while
>>> in fully privileged kernel mode and could do whatever it wanted to the
>>> attached peripherals.
>>>
>>> If the code was VMS aware, it could further hook itself into some VMS
>>> kernel module.
>>
>> The code better be VMS-aware, or it most likely will not get anywhere.
>>
>
> Actually, I called it bare metal code for a reason as there's nothing
> to stop it from (for example) trashing any directly attached storage
> without needing to know anything about VMS.
>
> It would do this by directly writing to the hardware registers as
> the way you access the hardware is the same regardless of operating
> system.

Which is not accessible to programs unless they run in kernel mode, 
which then means you need to figure out how to get to kernel mode 
without involving the OS...

	Johnny



