Difference between revisions of "Posix spawn kernel information leak"

From The iPhone Wiki
Line 4: Line 4:
   
 
There is a vulnerability in the method posix_spawn() in the XNU kernel. When it is used with the flag _POSIX_SPAWN_DISABLE_ASLR, it disables ASLR for the process running. On x86_64 processes it also disables heap randomization.
 
There is a vulnerability in the method posix_spawn() in the XNU kernel. When it is used with the flag _POSIX_SPAWN_DISABLE_ASLR, it disables ASLR for the process running. On x86_64 processes it also disables heap randomization.
Furthermore the flag _POSIX_SPAWN_ALLOW_DATA_EXEC enables execution on the heap
+
<br/>Furthermore, the flag _POSIX_SPAWN_ALLOW_DATA_EXEC enables execution on the heap.
   
 
== '''Credit''' ==
 
== '''Credit''' ==
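Review bot: the leading `<br/>` on the new "Furthermore, the flag _POSIX_SPAWN_ALLOW_DATA_EXEC ..." line is inline HTML doing the job of a paragraph break; in MediaWiki markup a blank line between the two sentences gives the same visual result without the tag. The added comma after "Furthermore" and the closing period are the right corrections to the old line.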

Revision as of 19:13, 4 January 2014

Vulnerability used in p0sixspwn

Vulnerability

There is a vulnerability in the posix_spawn() function of the XNU kernel. When it is called with the flag _POSIX_SPAWN_DISABLE_ASLR, ASLR is disabled for the spawned process; on x86_64 this also disables heap randomization.
Furthermore, the flag _POSIX_SPAWN_ALLOW_DATA_EXEC enables execution on the heap.

Credit

I0n1c

Links

Writeup by i0n1c p. 4 ff.