i'd propose to name the upcoming linux 5.0 kernel as Easter Egg Hunt Come Early and kick it off with 61cb5758d3c46bc1ba87694fefc0d9653613ce6b.
KSPP fairy tale du jour: openwall.com/lists/kernel-ha… (hint: if RANDKSTACK was inspired by stackjacking then how could the supposed inspiring presentation have talked about it? perhaps because in reality it had already existed for almost a decade? :))
the paper has been updated, i wish arxiv added some changebars...
almost 6 years later STRUCTLEAK comes to Windows:
Please join the Windows kernel in wishing farewell to uninitialized plain-old-data structs on the stack. As of today's WIPFast build, any Windows code compiled with /kernel also gets compiled with InitAll, a compiler security feature that initializes POD structs at declaration.
A Systematic Evaluation of Transient Execution Attacks and Defenses: arxiv.org/abs/1811.05441
Reminded during the 4.19 port of the repeating theme of kernel devs still not understanding what they upstream from us: compare git.kernel.org/pub/scm/linux… to git.kernel.org/pub/scm/linux… . it cost the totally unnecessary realignment of a hundred lines of code in a core VM structure /o\.
so on the heels of nitter.vloup.ch/halvarflake/stat… we've just got another academic paper (sajjadium.github.io/files/ac…, on no less than RAP itself) that thinks that calling execve = arbitrary code exec. off to a bad start...
After yesterday's discussion about the use of Turing-Complete in exploitation papers, and realizing how commonly the other important term close to my heart, "weird machine", is misunderstood, I wrote a (rather unpolished) blog post about it. addxorrol.blogspot.com/2018/…
careful with the last two 'stable' 4.14/4.16 kernels: bugzilla.kernel.org/show_bug… . workaround: enable CONFIG_HMM_MIRROR for now.
this will be fun to watch as it plays out, the blind leading the blind.... openwall.com/lists/kernel-ha…
opal_error_to_human shows how subtle and deep Spectre v1 can go. this one is probably not useful but it shows the evolving power of our Spectre v1 static analysis tool. only 2600+ instances to go through ;).
looks like Linus went crazy one too many times: openwall.com/lists/kernel-ha…
one wonders whether this professional beauty was let in to win the longest arg list award in linux: git.kernel.org/pub/scm/linux…
just stumbled upon another expertly reviewed KSPP commit: git.kernel.org/pub/scm/linux…. hint: ctrl-f is your friend to find this a few lines below: git.kernel.org/pub/scm/linux…
is it just me or did SPECTRE manifest @halvarflake's "weird machine" concept in real hardware? i hope someone's already working on a paper about the computational power of this machine.
looks like we have a fix finally for nitter.vloup.ch/paxteam/status/9… ... only in time for lkml.org/lkml/2017/12/28/64 . maybe the holidays aren't the best time for such deep changes...
So now we know the answer to this: nitter.vloup.ch/grsecurity/statu… It took two stable releases to fix this obvious double free and boot crash on systems using IPMI: git.kernel.org/pub/scm/linux…
when the sound of 0day whooshes over one's ego...
Pour one out for this really nice Linux kernel bugdoor that P0 killed a few hours ago. Straight up unlimited R/W to all kernel memory via ebpf verifier bypass. One of the best/worst Linux kernel vulns of all time
PSA: do NOT update to linux 4.14.8 as it introduces a boot crash. good thing the stable series has only well tested and carefully reviewed commits...