| 劫持Linux系统调用封杀Core Dump漏洞攻击 |
| |
| 引用本文: | 王畅,薛素静. 劫持Linux系统调用封杀Core Dump漏洞攻击[J]. 计算机安全, 2009, 0(6): 30-32 |
| |
| 作者姓名: | 王畅 薛素静 |
| |
| 作者单位: | 华北水利水电学院,信息工程学院,河南,郑州,450011;华北水利水电学院,信息工程学院,河南,郑州,450011 |
| |
| 基金项目: | 华北水利水电学院青年基金(基金编号:HSQJ2008016) |
| |
| 摘 要: | Core Dump漏洞影响kernal2.6.13-2.6.17.3的多款Linux操作系统,它可以引发拒绝服务攻击和本地权限提升攻击,危害巨大。恶意进程使用prctl系统调用,通过故意制造Core Dump,可以旁路操作系统安全控制,攻击系统。通过劫持prctl系统调用,对发起系统调用的进程进行行为监视,进而检测攻击,可以有效地阻止和防御攻击的发生。把防御程序编译为可动态插入内核的模块,能在多款受影响的系统上稳定高效地运行。
|
| 关 键 词: | Gore Dump漏洞 劫持Linux系统调用 prctl系统调用 主动防御 本地权限提升攻击 |
Hijeck Linux System Cell Force Out Core Dump Hole Attack |
| |
| WANG Chang,XUE Su-jing. Hijeck Linux System Cell Force Out Core Dump Hole Attack[J]. Network & Computer Security, 2009, 0(6): 30-32 |
| |
| Authors: | WANG Chang XUE Su-jing |
| |
| Affiliation: | Institute of Information Engineering;North China Institute of Water Conservancy and Hydroelectric Power;Zhengzhou;Henan 450008;China |
| |
| Abstract: | A dangerous hole named Core Dump included in Linux OS kernal 2.6.13-2.6.17.3 may bring DoS attack or upgrade the local authority. The malicious process deliberately manufactures Core Dump through prctl system call bypassing OS security controls to attack operating system.The proposal this paper raised can efficiently detect attacks then prevent or actively defense it through monitoring actions of the process who launches prctl system call .The defense program compiled as a module that can dynamicly insert l... |
| |
| Keywords: | Core Dump hole hijack linux system call prctl system call active defence upgrading the local authority |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
