[grsec] KERNEXEC^Vmware?

pageexec at freemail.hu pageexec at freemail.hu
Thu Jan 19 08:50:47 EST 2006


> the open/close kernel calls (actually, macros that are inlined and
> not 'exported') are my 'official' way to give write access to
> otherwise read-only kernel memory so using them is the right way ;-).

so i did some digging around last night and the open/close code
works as expected, however there's a much bigger problem then.

namely, the vmware context switch code (SwitchToMonitor in task.c)
that i think uses code placed at a specially reserved virtual
address and is apparently outside of the normal kernel/module
.text space.

i don't know how to solve that, it'll require quite some surgery
(like defining a new ring-0 code segment in the GDTs, and calling
the switch code through call far, etc) and have no time for this,
but it's a nice undertaking for anyone interested in sharpening
his/her protected mode programming skills ;-).
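An added example, not code from this thread, from PaX or from vmware: the descriptor and selector arithmetic that defining a separate ring-0 code segment in the GDT for the switch code would involve, packed and decoded in user space so the bit layout can be checked before it ever touches a live GDT. The base address, region size and GDT slot below are placeholders (assumptions), since the post names none.

```c
#include <stdint.h>
#include <stdio.h>

/* Pack a 32-bit x86 code segment descriptor (8 bytes, layout per the Intel SDM).
 * type bit 3 = code, bit 1 = readable; S = 1 (non-system), P = 1 (present). */
uint64_t make_code_desc(uint32_t base, uint32_t limit, unsigned dpl, int gran4k)
{
    uint64_t d = 0;
    d |= (uint64_t)(limit & 0xFFFFu);
    d |= (uint64_t)(base & 0xFFFFu) << 16;
    d |= (uint64_t)((base >> 16) & 0xFFu) << 32;
    d |= (uint64_t)0xAu << 40;               /* type: execute/read, non-conforming */
    d |= (uint64_t)1u << 44;                 /* S: code/data descriptor */
    d |= (uint64_t)(dpl & 3u) << 45;         /* DPL: 0 for a ring-0 segment */
    d |= (uint64_t)1u << 47;                 /* P: present */
    d |= (uint64_t)((limit >> 16) & 0xFu) << 48;
    d |= (uint64_t)1u << 54;                 /* D/B: 32-bit default operand size */
    if (gran4k)
        d |= (uint64_t)1u << 55;             /* G: limit counted in 4 KiB units */
    d |= (uint64_t)((base >> 24) & 0xFFu) << 56;
    return d;
}

/* Decode helpers, used to sanity-check the packing before loading it into a GDT. */
uint32_t desc_base(uint64_t d)
{
    return (uint32_t)((d >> 16) & 0xFFFFu) | (uint32_t)((d >> 32) & 0xFFu) << 16
         | (uint32_t)((d >> 56) & 0xFFu) << 24;
}
uint32_t desc_limit(uint64_t d)
{
    return (uint32_t)(d & 0xFFFFu) | (uint32_t)((d >> 48) & 0xFu) << 16;
}
unsigned desc_dpl(uint64_t d) { return (unsigned)((d >> 45) & 3u); }
int desc_is_code(uint64_t d)  { return ((d >> 44) & 1u) && ((d >> 43) & 1u); }

/* Selector a far call would use: GDT index << 3, TI = 0 (GDT), RPL in the low 2 bits. */
uint16_t make_selector(unsigned gdt_index, unsigned rpl)
{
    return (uint16_t)((gdt_index << 3) | (rpl & 3u));
}

int main(void)
{
    /* Placeholder (assumption): an 8 KiB region at 0xFFC00000 standing in for the
     * reserved switch-code area; byte granularity, so limit = size - 1. */
    uint64_t d = make_code_desc(0xFFC00000u, 0x1FFFu, 0, 0);
    printf("descriptor %016llx, selector %#x\n",
           (unsigned long long)d, make_selector(12, 0));
    return 0;
}
```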


