executing insmod hangs the entire os

Saumendra Dash saumendra.d at hcl.com
Wed Feb 18 01:46:17 EST 2015

On Tue, 17 Feb 2015 21:46:00 +0530, noyb noybee said:

>> am on a VM running CentOS 6.6 with kernel version 2.6.32-504.

>Which probably has kernel relocation and ASLR enabled.

>> unsigned long *syscall_table = (unsigned long *)0xffffffff81600560;

>So that isn't pointing at the syscall table in the running kernel.

>>     syscall_table[__NR_chroot] = new_chroot;

Leaving aside the security holes, undocumented ways, etc. raised by Valdis, the way you are getting the address of the syscall table (from System.map) and then changing it will only hang the system.
The syscall table is read-only. You need to make it writable by changing the write-protection bit in the control registers.

Hope it helps.


