Containing Privileged Processes with SELinux and PaX and Attacking Hardened Systems — Parker Schmitt (Circle City Con 2014 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Circle City Con 2014

Abstract: Many processes running as services need privileges and often run as root. Some of them downgrade their privileges or run as other users; however, this is (contrary to popular belief) uncommon. In addition, some processes may not downgrade their privileges sufficiently, and if exploited, the attacker has far more room to pivot. The way to heavily mitigate this is with Mandatory Access Controls such as SELinux or GRSecurity’s RSBAC. This will make each process need specific permissions for each resource. There will be a discussion of how to configure SELinux for the least amount of pain, in addition to some other hardening mechanisms. We will discuss some advantages of MAC systems in virtualization and also discuss (since this is blackhat) how to behave as an attacker when dealing with hardened Linux systems and what to expect.

SELinux is not very difficult to administer; however, many admins are afraid of it. Some distros come with it by default, including some Android implementations. However, because permissions can be done with SELinux using the MAC system and therefore the Discretionary Access Controls are not necessary, if it is disabled the administrator opens up many opportunities for post-exploitation, as the maintainers do not have much of a reason to configure the services to run as non-root users.

With PaX we can actually prevent remote code execution and mitigate many impacts of exploitation and in many instances prevent exploits. We will show tested exploits failing with PaX. We will show PaX “catching” the attacker.

There will be demos preventing exploitation of vulnerable binaries. PaX will also be demonstrated to show the ease/annoyance of DoS. Not knowing about this can be dangerous. We will be using some new exploits such as CVE-2013-1763 in Linux 3.3-3.8 (the recent privilege escalation exploit) and show how the hardening can prevent exploitation and/or render the privilege escalation useless.

Copyright 2020, IronGeek