Weird, for years Google employees have been dismissing RAP for being incompatible with XOM (despite the latter being pointless with CFI), now suddenly since their employer is pushing KCFI (which tries to be a wanna-be RAP), that concern suddenly vanished: lists.openwall.net/linux-har…
I will be talking tomorrow about branch predictors and SLS. If this topic is of interest to you, please join me at @hardwear_io webinar (it’s free). #TooManySlidesTooLittleTime
While ucode 0x22 (as released as part of our blog) fixes the processor bug mentioned therein, ucode 0x24 (released in February) reintroduces it 🤦‍♂️ Can somebody at Intel *pretty, please* hand the ucode devs a proper source code revision management tool? Thanks!
New blog post from @_minipli : Watch Your Step(ping): Atoms Breaking Apart grsecurity.net/watch_your_st… Join us on a deep dive into a customer-reported issue that ended up being an Intel Atom CPU bug unfixed on a specific stepping. A microcode update fixing the issue is provided.
Slides for @spendergrsec's @bluehatil 2022 keynote: "Compilers: The Old New Security Frontier" are now available at: grsecurity.net/papers PDF: grsecurity.net/Compilers_The… PPT (w/ speaker notes): grsecurity.net/Compilers_The…
PaX Team retweeted
Join us in Part 2 of @wipawel's research into AMD's branch predictor, starting with a story of his first day working with @opensrcsec analyzing a single byte change to RAP and ending up with a CVE for a new case of Straight-Line Speculation on call/jmp: grsecurity.net/amd_branch_mi…
PaX Team retweeted
Dirty Pipe is a nasty upstream Linux kernel vulnerability affecting Linux >= 5.8, found by Max Kellermann: dirtypipe.cm4all.com/ It allows writing to arbitrary read-only files, similar to DirtyCoW. #grsecurity backported the silent fix in all patches after February 22nd.
OSS President (@spendergrsec) will be giving a keynote Thursday, March 3rd at @bluehatil on the topic of compiler-based security. See you there!
PaX Team retweeted
Today we present deep research from our @wipawel into the branch predictor of AMD CPUs and abusing its behavior to exploit Spectre v1 much more easily than previously understood, culminating in reproducing an arbitrary kernel mem leak PoC in only 3 days. grsecurity.net/amd_branch_mi…
PaX Team retweeted
Today's #grsecurity beta patch integrates a new defense from @_minipli for a difficult class of vulnerability in the Linux kernel. It will be enhanced with a new GCC plugin in the near future. See the commit log for more information, or soon, an in-depth knowledge base article.
he did the same to me a few years ago and i stopped his censorship by not sending him anything anymore. linux users lose, he 'wins'.
Replying to @grsecurity
We provided a fix for the first issue and all necessary backports. The commit message that was provided directly to Linus mentioned "This fixes CVE-2022-22942", but this has been inexplicably removed from the upstream commit: git.kernel.org/pub/scm/linux…
after many years of procrastination, private (née unreadable) kstacks are about to graduate from PoC to production. not possible without some existing infrastructure we've developed for UDEREF and other features over a decade ago. payoff++ :)
PaX Team retweeted
As part of our new GitHub organization, OSS' @wipawel does a deep-dive into a @HexRaysSA IDA Pro plugin that he developed focusing on Linux kernel alternatives: grsecurity.net/linux_kernel_…
PaX Team retweeted
For the past 3 months, we had the talented @Markak_ (co-author of last year's "elastic objects" paper) investigate how #grsecurity's compiler-driven AUTOSLAB feature changes kernel heap exploitation (positively or negatively). His writeup is now available: grsecurity.net/how_autoslab_…
First picture, me to eBPF devs in 2016, second picture Qualys in 2021 exploiting the exact property I mentioned
PaX Team retweeted
New Blog Post: The Complicated History of a Simple Linux Kernel API grsecurity.net/complicated_h…
last year RAP learned to produce even finer grained type equivalence classes that other solutions need LTO for. now it learned to go beyond that, still without LTO.
lkml.org/lkml/2021/5/5/1244 not only exposes a funny Tenet moment ("mostly 2020-11 through 2020-02") but also how many security fixes were covered up over the years. good job there, however unintended :).
PaX Team retweeted
On April 15th, we directly reported a vulnerability in the Nitro Enclaves kernel driver: seclists.org/oss-sec/2021/q2… While the report correctly notes it doesn't affect the security of the enclaves, it is a kernel privesc vuln reachable by users who can create enclaves.