christ this whole thing is dumb. here's a challenge: give me a kernel binary. not the secret jewels, just a binary, but it has to have all the protections of the commercial version enabled. and i will break it, if only to take out my annoyance.
you can compile a kernel so cut your teeth on the public version first and see how you fare then we'll talk about the next step.
Of course, that is exactly what /you/ want: to be able to claim that my results are invalid for some reason or other.
if you're unsure if a given exploit technique is in scope just ask me.
(I do have other things to do, so it may be a few days before I have enough time, but no more than a week.)
given that you announced your intention a year ago, i think i can wait a little longer ;).
did you fix the issue I pointed out… I think it was a few months ago? with rbp/rsp
that nitter.vloup.ch/paxteam/status/8… ? the private version has always had a pass to undo the damage (and more that you aren't aware of yet).
you mean the gcc codegen 'feature' when frame ptrs are enabled? imagine it's fixed or frame ptrs are off and work from there.
does the public one have it now or do i just have to guess what works and what doesn’t?
no it does not but you can also tell by looking at the generated asm, no need to guess. i suggested to disable frame ptrs as an alternative.

Apr 29, 2017 · 10:28 PM UTC
huh? i asked for a binary of the private version and you said no. so how could i tell by looking at the generated asm?
you asked if the public one had it and you can certainly look at its output.