[openbeos] R5 stuff... (bis)

  • From: François Revol <revol@xxxxxxx>
  • To: openbeos@xxxxxxxxxxxxx
  • Date: Sun, 28 Jul 2002 16:48:50 +0200 (MEST)

OK, another exploit, and I'll explain:


[revol@patrick /boot/home/devel/mmap]$ ./mmtest2
libmoreposix:_init()
__init_mmap_stuff(): mmap_driver_fd = 3
open(/boot/home/testret, O_RDONLY))
mmap(00000000, 4096, 00000004, 00000001, 4, 0)
func = mmap( PROT_READ|PROT_EXEC)
@func: 0x90, 0xc3, 0x90, 0xc3
calling !
returned from func !

libmoreposix:_fini()

---

[revol@patrick /boot/home]$ listarea 1352|grep mmap
30281                     mmap_user a0000000     1000     1000     0     0     0


What I did is I hacked the JBQ mmap driver a bit further, and even did some 
kernel H4cK1nG :)
because filedes in drivers are owned by kernel_team, not the calling thread...

I'll maybe write a newsletter article explaining in detail; this is also 
informative for OBOS btw... (there's sys_read() and user_read() involved :)

Of course this one isn't a full-blown mmap(), as it doesn't deal with 
pages, only the whole file :-(
But it still may help in the meantime.

Also, looking at Plex86 sources (*grin*), it seems Linux can mmap() device 
drivers... I think we could include this behaviour too, either using ioctl()
or a new entry in the driver_hook struct... but this is GE stuff btw.

François.

