Exploiting Concurrency Vulnerabilities in System Call Wrappers

Robert N. M. Watson

First presented at the WOOT'07 First USENIX Workshop on Offensive Technologies.

Abstract

System call interposition allows the kernel security model to be extended. However, when combined with current operating systems, it is open to concurrency vulnerabilities leading to privilege escalation and audit bypass. We discuss the theory and practice of system call wrapper concurrency vulnerabilities, and demonstrate exploit techniques against GSWTK, Systrace, and CerbNG.

WOOT07 Workshop Paper

WOOT07 Workshop Presentation (With exploit toolkit notes and sample code)

Light Blue Touchpaper blog article on the paper and WOOT07.