ICYMI RAP bypass for root -> kernel exploits on grsec. I did find the angry grsec/PaX replies entertaining too. Remember when grsec had to pay out a quarter mil because he couldn't handle critique?
H/T @silviocesare
nitter.vloup.ch/uid1000/status/1…
theregister.co.uk/2018/06/11…
"Control-Flow Integrity for the Linux kernel: A Security Evaluation" is the work I've done for my Masters thesis where I analyze how the PaX Team's (public) RAP holds up to stop ROP when applied to the Linux kernel. You may want to check out chapter 3.
alunos.dcc.fc.up.pt/~up20140…
This Post was deleted by the Post author.
no defeats were demonstrated. willfully running a documented insecure config is malice at best, not a defeat. and that still had nothing to do with either PaX or RAP per se.
Not an insecure config at all, isn't core_pattern __read_only? :) If you say it doesn't have to do with PaX, then it has to do with PaX/grsec.
core_pattern isn't read-only under PaX, nor does RAP have anything to do with data-only attacks. on the other hand you yourself admit that following the very explicit advice on grsec_lock prevents your 'attack'.
Isn't KERNEXEC a PaX feature? ;) You know all too well that RAP is useless if code-injection is possible (it completely eliminates its purpose). Guess what? I also clearly mention this if you've missed it (which turned out to be true of course):
what does KERNEXEC have to do with core_pattern not being protected in PaX? and __read_only has nothing to do with KERNEXEC's purpose as it applies to data, not code (be that static or runtime generated), it's only a very small step towards defending against data-only attacks.
nitter.vloup.ch/uid1000/status/1… says otherwise? It has to do with KERNEXEC, what makes it possible to write to such data? ;)
Where was that? Pretty sure not on this version... Btw, how's that holding up with .rodata as executable? :P
pretty sure i said PaX and not grsec? and it's the cpu that does, will you blame it too now? ;)
Dec 5, 2019 · 1:29 PM UTC



