Joanna Rutkowska · Oct 1, 2016 · 5:08 PM UTC

Joanna Rutkowska @rootkovska

1 Oct 2016

Totally unrealistic. Think: "do you want to install this program? Yes/No?" Security is more than memory corruption exploits prevention...

PaX Team @paxteam

1 Oct 2016

the whole point of PaX is that you *can* click any OK button without getting owned. not there yet but close :).

PaX Team · Oct 1, 2016 · 5:15 PM UTC

PaX Team @paxteam

1 Oct 2016

and PaX is more than memory corruption prevention. think grsec, sandboxes, etc. it's just not me who does all the work ;).

Joanna Rutkowska · Oct 1, 2016 · 5:17 PM UTC

Joanna Rutkowska @rootkovska

1 Oct 2016

Do you really think you can solve the "user can click anything" problem, while still offering general purpose computing?

PaX Team · Oct 1, 2016 · 5:28 PM UTC

PaX Team · Oct 1, 2016 · 5:28 PM UTC

PaX Team @paxteam

1 Oct 2016

Replying to @rootkovska

sure, that's the whole raison d'etre of my work.

Oct 1, 2016 · 5:28 PM UTC

Evil X · Oct 1, 2016 · 5:48 PM UTC

Evil X @Evil_X_

1 Oct 2016

kernel hardening is mandatory but at one point you need userspace work too

PaX Team · Oct 1, 2016 · 6:13 PM UTC

PaX Team @paxteam

1 Oct 2016

size overflow, RAP, etc work in userland too and we're not done yet ;).

Joanna Rutkowska · Oct 1, 2016 · 6:05 PM UTC

Joanna Rutkowska @rootkovska

1 Oct 2016

Replying to @paxteam

I think you ignore the fact that some developers might create intentionally malicious programs, not just incidentally buggy.

PaX Team · Oct 1, 2016 · 6:08 PM UTC

PaX Team @paxteam

1 Oct 2016

they have the same computing power. that's where unbreakable sandboxes come into the picture. the race's on ;).

Evil X · Oct 1, 2016 · 5:49 PM UTC

Evil X @Evil_X_

1 Oct 2016

wether rbac, a lam, a full virt layer or something else