Kexecing Jokes

Presented at Kiwicon 7: Cyberfriends (2013), Nov. 9, 2013, 11 a.m. (30 minutes)

Kexec is a Linux kernel feature that allows you to load and launch a new kernel. You might naively expect this to be implemented with some sort of rational mechanism that didn't allow userspace to stuff arbitrary code into the kernel in such a way that it then gets executed in ring 0 with no memory protection. Ha. Ha. Ha. This presentation will give a brief overview of kexec, its implementation, terrifying things that are mentioned in its documentation, and some demonstrations of it being used for the lulz.

Presenters:

  • Matthew 'mjg' Garrett
    Matthew used to hack fruitflies[1], now he mostly hacks firmware. He's ported Zork to UEFI and has possibly run arbitrary code on your IPMI hardware, but by day he works to improve cloud security at Nebula.

    [1] Mostly into a thin paste. Have you ever tried taking one apart? It's not easy.
