krf icon indicating copy to clipboard operation
krf copied to clipboard
verified publisher icon trailofbits

Configurable targeting strategies

Open woodruffw opened this issue 6 years ago • 0 comments

Right now, KRF can only target a process based on its personality(2) mask. This works really well, but we should support other techniques.

Candidate techniques (not exhaustive):

  • PID (or list of PIDs)
  • GID (or list of GIDs)
    • A very early version of KRF did this, and it worked fine. We should re-add it.
  • Processes that have a given file/file-like object open

Since we're operating in user context during a syscall, we should be able to target on anything present in task_struct. There's probably additional context we can safely test.

Doing this will also give us a nice interface for writing a kernel-independent targeting system, which will help with #8.

woodruffw avatar Jun 06 '19 16:06 woodruffw