SCALE 7x: Anthony Lineberry on Malicious Code Injection Via /dev/mem

Anthony Lineberry is a security researcher from Los Angeles who has been active in the security community for many years, specializing in reverse engineering code, researching vulnerabilities, and advanced exploitation development. He helped with the first iPhone jailbreak, has written an open source kernel from scratch, and feels uncomfortable speaking in the 3rd person. Professionally his experience includes working as a security researcher for McAfee, NeuralIQ, and currently with Flexilis.

Lineberry presented a talk at SCALE titled "Undermining the Linux Kernel: Malicious Code Injection Via /dev/mem".
The talk was about how to hack the Linux kernel and gain privileged access using the kernel device /dev/mem.
It started off with examples of some common methods for exploiting the Linux kernel, including rootkits and trojans, and how to defend against them.

The talk later went into the special procedure of injecting code into /dev/mem. /dev/mem is a driver interface to physically addressable memory which can be read and written like a regular Linux character device. Some examples of fun things a user can do once they have this privileged access, such as hiding files and processes and controlling network activity, were demonstrated. The last part of the talk gave examples of how to patch this specific method of gaining privileged access to the Linux kernel.

When asked what he would want to convey to his audience for his talk, he offered these insights on the /dev/mem interface:

I suppose the info I’d like to communicate is that there is no reason for the /dev/mem interface to be as wide open as it is, but at the same time I’m not gonna start waving my arms screaming “fire” as though I realistically think everyone will be taking advantage of this problem. It’s not a new problem, and people have been aware of this for quite a long time now. But I don’t think administrators are aware that if they disable module support in the Kernel to prevent Kernel based rootkits, that there are still ways to get code into the Kernel (aside from an overflow in the Kernel).

Anthony maintains a website with information about computer security at http://www.dtors.org

Coverage on the talk is available at http://dtors.org/index/code-injection-via-dev-mem
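
An added example, not from the talk or this post: a shell check that classifies a kernel build config by how exposed /dev/mem is, flagging the case from the quote above where module support is disabled but /dev/mem is left unrestricted. CONFIG_MODULES, CONFIG_DEVMEM and CONFIG_STRICT_DEVMEM are upstream Kconfig symbols that this page does not name; the verdict strings and the sample config are constructed here.

```shell
#!/bin/sh
# Added example (not from the talk): classify a kernel .config by how exposed
# /dev/mem is. Symbols are upstream Kconfig names; verdict words are made up.

# cfg_state FILE SYMBOL -> prints y, m, n (explicitly not set) or missing
cfg_state() {
    if grep -q "^$2=y\$" "$1"; then echo y
    elif grep -q "^$2=m\$" "$1"; then echo m
    elif grep -q "^# $2 is not set\$" "$1"; then echo n
    else echo missing
    fi
}

# audit_devmem FILE -> prints one verdict:
#   absent           /dev/mem driver compiled out
#   restricted       /dev/mem present, STRICT_DEVMEM restricts what it exposes
#   open             /dev/mem present and unrestricted
#   open-no-modules  as "open", with module loading disabled: the case in the
#                    quote, where blocking modules still leaves /dev/mem open
audit_devmem() {
    devmem=$(cfg_state "$1" CONFIG_DEVMEM)
    strict=$(cfg_state "$1" CONFIG_STRICT_DEVMEM)
    modules=$(cfg_state "$1" CONFIG_MODULES)

    # A config that lacks the CONFIG_DEVMEM symbol is treated as having the
    # driver (conservative assumption); only an explicit "not set" counts.
    if [ "$devmem" = n ]; then echo absent; return 0; fi
    if [ "$strict" = y ]; then echo restricted; return 0; fi
    if [ "$modules" = y ]; then echo open; else echo open-no-modules; fi
    return 0
}

# Constructed sample: a kernel hardened against module-based rootkits only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# CONFIG_MODULES is not set
CONFIG_DEVMEM=y
# CONFIG_STRICT_DEVMEM is not set
EOF
audit_devmem "$sample"   # prints: open-no-modules
rm -f "$sample"
```

On distributions that ship the build config, the function can be pointed at `/boot/config-$(uname -r)`.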
