
Corrupting the ARM Exception Vector Table - platz
http://doar-e.github.io/blog/2014/04/30/corrupting-arm-evt/
======
kabdib
Having this page be kernel-writable is just asking for trouble. In days of
yore (the Apple Newton) these vectors were in ROM.

On the Newton, our memory management guy (hi, Bob!) went the extra mile and
made sure that MMU mappings weren't mapped; you had to run a piece of code
that was mapped in the same location physically as well as virtually that
turned off the MMU, frobbed the page tables, and then turned translation on
again. The theory was that we kept patches in battery-backed RAM, and we
wanted to dramatically reduce the chance that they could be overwritten, even
by the kernel.

Not really sure the extra complexity was worth it, but I never heard of a
Newton losing its patches short of utterly exhausting the backup battery. (It
probably helped that we weren't under active attack, pretty much ever :-) )

~~~
drudru11
The Newton had a lot of great tech. Thx for posting. I really liked their
clever hardware protection system that was done in a single address space
style.

------
stbtrax
Good write-up, only gripe is that the font is unreadable.

------
rjsw
The article doesn't look to be using very recent Linux.

Newer ARM variants don't have their vectors at that address.

