"Control-Flow Integrity for the Linux kernel: A Security Evaluation" is the work I've done for my Masters thesis where I analyze how the PaX Team's (public) RAP holds up to stop ROP when applied to the Linux kernel. You may want to check out chapter 3. alunos.dcc.fc.up.pt/~up20140…
This is a sad joke for a 'thesis', I'm afraid. You should have kept true to your word and kept us in the loop about your findings to avoid all these errors.
You should also keep true to your word and assume defeat as I've found ways to bypass RAP on the public test patch?
That said, what do IRQ stacks have to do with unreadable kstacks? What makes you think the interrupted process stack remains readable when the kernel switches to the IRQ stack?
I didn't think that. Nor do I know why you'd think I said anything that even resembles that.
Replying to @uid1000
"Interrupt handlers are executed when the kernel is in interrupt context, i.e., it is not associated with a task, therefore, the unreadable kernel stack feature (prevents cross-task information leaks and corruption) is insufficient."

Sep 19, 2019 · 8:07 AM UTC

Replying to @paxteam
Maybe, just maybe, irq stacks were left readable. All of this would've been easier to determine if I was testing on the 'real thing', which you didn't let me.
Left readable when? When not using them? What made you think they had been?