First page Back Continue Last page Summary Graphics

Direct stores

UML write-protects most kernel memory on exit from kernel and write-enables it on kernel entry
Exceptions
- Two pages at start of executable
- One page of static data
- Three pages of kernel stack

Notes:

The UML kernel is mapped into the address spaces of its processes. Because of the performance impact of protecting kernel memory from userspace, it is mapped in writeable by default. In 'jail' mode (or 'honeypot' mode, which enables 'jail' if necessary), it is write-protected whenever the process is running in userspace.
There are some exceptions, some of which can be fixed but don't seem exploitable, and one of which (the kernel stack) is not fixable given the current capabilities of the host Linux, but is not exploitable.

Direct stores

UML write-protects most kernel memory on exit from kernel and write-enables it on kernel entry

Exceptions

Notes: