First page Back Continue Last page Summary Graphics
One page of text
- Writeable, but is never executed after bootstrap
One page of data
- contains errno
- user can fiddle UML's errno to heart's content
There are two pages of the kernel binary which are not shared between all the threads in that virtual machine. These pages are writeable.
One contains code which is executed early in the UML bootstrap and never run again. Polluting this therefore can't affect UML.
The other is a data page, and contains only errno. The purpose of this is to provide each thread with a private copy of errno. A malign process can therefore change the kernel's value of errno arbitrarily, but that seems unlikely to be exploitable.
In any case, the page of code is likely to be simply unmapped and thrown out. The errno page may be write-protected. It would have to be the last page protected, and if mprotect sets errno to 0 on success, then that assignment will fault because it just made that page unwriteable.