Kernel Exploitation Part Three
This post is the third part of my notes from the pwn.college lecture on kernel exploitation[0]. Read the previous post first:
We continue with the different kernel architectures, or design philosophies:
- Monolithic kernel:
A monolithic kernel loads every module into ring 0, so every module runs with the same privileges as the rest of the kernel code.
- Micro kernel:
A microkernel is the opposite of a monolithic kernel: only a few lines of kernel code execute in ring 0, and the CPU runs all other code in the lower-privileged rings. An example of a microkernel is minix[1]. However, it is slow, because whenever a lower-privileged ring needs to talk to ring 0 a context switch is required. Here is a fun fact: Intel has moved minix into the Intel ME. With newer CPU generations, Intel dropped the hardware-specific ARC processor and embedded an Atom processor instead; the software running on it uses minix as its OS.
- Hybrid kernel:
A mix of both. Windows NT and modern Mac OS are examples: some parts of the code run in ring 0, others do not.
How does this matter to us? Because Linux is a monolithic kernel, its drivers run in ring 0, so exploiting a faulty driver is a way to gain higher privileges!
so far,
akendo