[Info-vax] Malware in kernel mode, was: Re: Android development Was Re: OT: Larry Ellison takes retirement as CEO of Oracle

David Froble davef at tsoft-inc.com
Fri Sep 26 13:13:53 EDT 2014


Johnny Billquist wrote:
> On 2014-09-25 19:17, Simon Clubley wrote:
>> On 2014-09-24, Johnny Billquist <bqt at softjar.se> wrote:
>>> On 2014-09-24 19:19, Simon Clubley wrote:
>>>>
>>>> In this example, the data in the buffer would be executed as code
>>>> and as VMS is a monolithic kernel all the peripheral address space is
>>>> mapped in while in kernel mode.
>>>>
>>>> This means the code would basically be running as bare metal code while
>>>> in fully privileged kernel mode and could do whatever it wanted to the
>>>> attached peripherals.
>>>>
>>>> If the code was VMS aware, it could further hook itself into some VMS
>>>> kernel module.
>>>
>>> The code better be VMS-aware, or it most likely will not get anywhere.
>>>
>>
>> Actually, I called it bare metal code for a reason as there's nothing
>> to stop it from (for example) trashing any directly attached storage
>> without needing to know anything about VMS.
>>
>> It would do this by directly writing to the hardware registers as
>> the way you access the hardware is the same regardless of operating
>> system.
> 
> Which is not accessible to programs unless they run in kernel mode, 
> which then means you need to figure out how to get to kernel mode 
> without involving the OS...
> 
>     Johnny
> 

Well, this is what a few of us have been saying all along.  >>IF<< some 
malware gets loose and executes while the CPU is running in kernel mode 
(or EXEC mode for that matter) and >>IF<< that malware is x86 
instructions, then it can take over the entire system.

What it might be capable of doing is another matter.
