Joined February 2010
new grsecurity blog post on today's Linux kernel JIT spray attack news: forums.grsecurity.net/viewto…
spender's prepared a small FAQ on RAP at grsecurity.net/rap_faq.php .
today reminds me again that BadBugs = BadHype
re: code.google.com/p/google-sec… PAX: size overflow detected in function xt_alloc_table_info net/netfilter/x_tables.c:659 decl: __kmalloc
@picfim @grsecurity RAP scales from xen to linux to chromium (all implemented and tested) though fixing userland is for another life ;).
@picfim @grsecurity but as i said, supporting this would greatly eliminate the security value of RAP (think chromium vs. flash plugin).
@picfim @grsecurity the only way to support it is to remove the hash check, e.g., by marking the indirect transfer with an attribute.
@picfim @grsecurity the kernel's also special in that there're more opportunities to renew the xor cookie in infinite loops, etc.
@picfim @grsecurity as for patches, everything i threw RAP at so far needed fixes (i think you had the same experience ;).
@picfim @grsecurity depends on demand, for now i prefer full coverage and thus no exceptions. why should the type hash be moved anywhere?
@picfim @grsecurity linking works but indirect transfers to uninstrumented code fail the type hash check at runtime (this is by design).
RAP: RIP ROP