a myth from the same academic jokers^Wresearchers who graced us with their ASLR 'research' in the past: in res.mdpi.com/d_attachment/ap… table 2 shows RAP vulnerable to ret2user (it isn't, after all we invented KERNEXEC/i386 in 2003 and UDEREF in 2006 :) but everybody else not...

Oct 29, 2019 · 11:40 AM UTC

Replying to @paxteam
In fairness, the authors cite another paper for the RAP statement. The cited paper argues that RAP is vulnerable to ret2user attacks, because it doesn't protect register contents on the kernel's interrupt stack. Is that not the case? (I don't know how RAP works personally.)
didn't say they were the only ones to be wrong about this nor that this statement alone was the only wrong one (it's the inconsistency compared to the others). re: ret2user, i told you what PaX features had solved it over a decade ago :). and no, it's not RAP's job.
Replying to @paxteam
How hard would it be to contact you about it? I don't understand - research sometimes reminds me of mainstream media. I heard a researcher saying lately: we throw the stuff on the publication market. Yes, he meant it and he was damn right.