摘要
Core Dump漏洞影响kernal2.6.13-2.6.17.3的多款Linux操作系统,它可以引发拒绝服务攻击和本地权限提升攻击,危害巨大。恶意进程使用prctl系统调用,通过故意制造Core Dump,可以旁路操作系统安全控制,攻击系统。通过劫持prctl系统调用,对发起系统调用的进程进行行为监视,进而检测攻击,可以有效地阻止和防御攻击的发生。把防御程序编译为可动态插入内核的模块,能在多款受影响的系统上稳定高效地运行。
A dangerous hole named Core Dump included in Linux OS kernal 2 .6.13-2.6.17.3 may bring DoS attack or upgrade the local authority. The malicious process deliberately manufactures Core Dump through prctl system call bypassing OS security controls to attack operating system.The proposal this paper raised can efficiently detect attacks then prevent or actively defense it through monitoring actions of the process who launches prctl system call .The defense program compiled as a module that can dynamicly insert linux kernal tan stably and efficiently work on many vulnerable operating systems.
出处
《计算机安全》
2009年第6期30-32,37,共4页
Network & Computer Security
基金
华北水利水电学院青年基金(基金编号:HSQJ2008016)
