Matthew Garrett (@mjg59@nondeterministic.computer) · Jan 31, 2021 · 9:52 PM UTC

Matthew Garrett (@mjg59@nondeterministic.computer)

Matthew Garrett (@mjg59@nondeterministic.computer) @mjg59

31 Jan 2021

It's going to be fascinating seeing how many random out of tree binary modules get broken by git.kernel.org/pub/scm/linux…

Mathias Krause | @minipli@infosec.exchange · Feb 1, 2021 · 8:32 AM UTC

Mathias Krause | @minipli@infosec.exchange @_minipli

1 Feb 2021

Oh well, what’s the point of this exercise when it’s so easy to bypass? 🤔

Mathias Krause | @minipli@infosec.exchange · Feb 1, 2021 · 8:55 AM UTC

Mathias Krause | @minipli@infosec.exchange @_minipli

1 Feb 2021

Or, even simpler, by just renaming the .text section with objcopy:

Matthew Garrett (@mjg59@nondeterministic.computer) · Feb 1, 2021 · 3:50 PM UTC

Matthew Garrett (@mjg59@nondeterministic.computer) @mjg59

1 Feb 2021

If you're in a position where you can load arbitrary code into the kernel then, from a security perspective, you've already lost. This is supposed to discourage poor practices, not make it impossible to do bad things.

PaX Team · Feb 2, 2021 · 1:53 PM UTC

PaX Team · Feb 2, 2021 · 1:53 PM UTC

PaX Team @paxteam

2 Feb 2021

Replying to @mjg59 @_minipli

if that's the goal then it's a design fail. the only thing this will encourage (instead of discouraging anything) is to go around the technical 'hurdles'. seriously, is someone short on achievements for the quarterly review or what?

Feb 2, 2021 · 1:53 PM UTC