PaX Team retweeted
Thank you, Peter, for this concise description of the PAX_SIZE_OVERFLOW GCC plugin! Created in 2012, it was one of the first GCC plugins added to grsecurity. It was very advanced for its time, and in 2024, still is: lists.openwall.net/linux-har…
1
2
7
PaX Team retweeted
The purpose of the CVE system isn't a "first scrub" of potential issues based on automated commit message greps. You can't say the problem is a handful of bogus CVEs and also say the solution is to flood the system with 100x more of them and expect people to fix the created mess.
1
4
12
PaX Team retweeted
A weakness 23 years in the making: binaries and libraries built with an older toolchain act as timebombs against ASLR under "recent" Linux kernel and glibc changes.
Users: Check your exposure!
Developers: Rebuild binaries to achieve full ASLR benefit!
grsecurity.net/toolchain_nec…
5
33
2
62
PaX Team retweeted
A short Friday afternoon blog announcing a new version of paxtest with some useful new tests to get you ready for Monday! grsecurity.net/paxtest_relea…
12
20
PaX Team retweeted
Ow, the talks for #H2HC2023 are really looking amazing! Thanks to all who submitted and to our outstanding technical commitee!
@spendergrsec @paxteam @pinkflawd @matrosov @h2hconference
Acabamos de publicar mais 4 palestrantes. A grade da #H2HC2023 esta epica. 20 anos de @h2hconference h2hc.com.br
12
1
35
PaX Team retweeted
Here's a short new blog from @_minipli on the results of our exploit review applied to a recently-described in-the-wild Android kernel exploit.
It shows how we use our compiler-based defenses to land security improvements for customers quickly:
grsecurity.net/constify_fast…
28
1
43
PaX Team retweeted
It's been reported this week that Linux is sunsetting its six-year XLTS experiment started in 2017. Going forward, newly chosen upstream LTS kernels will only receive two years support. See how grsecurity's three-year LTS can help affected businesses: grsecurity.net/stability_in_…
9
2
25
...and with some more work kvmclock and similar users won't need to change at all :)
KERNSEAL infrastructure, building upon a number of earlier design choices, makes it nearly trivial to achieve some impressive security goals.
With a small change to kvmclock, we now have KVM where none of the guest memory is mapped/accessible at the hypervisor level at all!
2
3
8
PaX Team retweeted
If you've been noticing your >= 5.4 LTS Linux kernel from the last month rarely/randomly hang forever at boot, it's not just you. @_minipli tracked down the culprit and provides a root cause analysis here: lore.kernel.org/lkml/5a56290…
1
6
1
43
About 20y ago, as an evolution from the userland defenses, PaX started on the kernel self-protection journey with KERNEXEC. NX kernel pages on i386 (using segmentation, no actual NX bit then), some read-only kernel data, etc. Still riding high :).
3
13
43
PaX Team retweeted
Nice day when that page table corruption you observe only twice in 3 months ends up being (ironically) an off-by-one in a bad off-by-one testcase in LKDTM
1
8
PaX Team retweeted
I thought this looked familiar: git.kernel.org/pub/scm/linux… I found/fixed it ages ago by virtue of RANDSTRUCT, let me see when
1
2
12
well, well, yet another incredible linux security improvement, some 15y after your first public description of the technique. its completeness is ensured by the total elimination of 5f/c3 from vmlinux. oh wait...
Can I coin the phrase "shell-game defense"? Where it looks like something's happening, but in the end you're just getting scammed: lists.openwall.net/linux-har…
1
1
6
PaX Team retweeted
Today we follow up with @_minipli's investigation into same-type/same-address UAF vulnerabilities in the Linux kernel, including 2 PoC exploits and a discussion of a defense involving a compiler plugin that he developed. Enjoy!
grsecurity.net/exploiting_an…
4
64
2
116
today's puzzle is e10cd4b00904db127b178859d81f6b5d05d16c67 (not really a 0-day if you consider how long it's been out in the open). now the interesting question is whether LBT can spin the fix without mentioning security :).
2
1
14
About 20y ago, as part of a contract job, I documented my ideas on pax.grsecurity.net/docs/ explaining the PaX threat model, the exploit technique based defenses, data-only attacks, CFI, etc. Little did I know that this would set a path that many others would follow year later.
5
32
1
151
PaX Team retweeted
We've just released GCC plugin-powered (and SLS-aware) Retbleed fixes for #grsecurity kernel versions 5.4, 5.15, and 5.17. An in-depth customer knowledge base article from @wipawel has also been published. Please reach out if you have any questions.
9
2
18
PaX Team retweeted
Finally came around to pick up some compiler plugin work I started earlier this year to complete the bug class handling.
Expect new goodies in @grsecurity and a writeup behind the feature’s reasoning soon.
The feature will be improved even further in the near future with yet another plugin-based component developed by @_minipli as well.
Show this thread
4
1
15
PaX Team retweeted
Tetragone: A Lesson in Security Fundamentals
grsecurity.net/tetragone_a_l…
91
9
254
