"Control-Flow Integrity for the Linux kernel: A Security Evaluation" is the work I've done for my Masters thesis where I analyze how the PaX Team's (public) RAP holds up to stop ROP when applied to the Linux kernel. You may want to check out chapter 3. alunos.dcc.fc.up.pt/~up20140…
this is a sad joke for a 'thesis' i'm afraid. you should have kept true to your word and kept us in the loop about your findings to avoid all these errors.
You should also keep true to your word and assume defeat as I've found ways to bypass RAP on the public test patch?
Replying to @uid1000
that said, what do irq stacks have to do with unreadable kstacks? what makes you think the interrupted process stack remains readable when the kernel switches to the irq stack?

Sep 18, 2019 · 9:52 PM UTC

Replying to @paxteam
I didn't think that. Nor do I know why you'd think I said anything that even resembles that
"Interrupt handlers are executed when the kernel is in interrupt context, i.e., it is not associated with a task, therefore, the unreadable kernel stack feature (prevents cross-task information leaks and corruption) is insufficient."