Markus Vervier · Jun 19, 2017 · 3:38 PM UTC

Markus Vervier @marver

19 Jun 2017

This is big research. Stack overflows (exaustion) _are_ exploitable in user space.

This tweet is unavailable

joernchen · Jun 19, 2017 · 3:44 PM UTC

joernchen @joernchen

19 Jun 2017

turns out it has been around for over a decade

PaX Team @paxteam

19 Jun 2017

An Ancient Kernel Hole is (Not) Closed: grsecurity.net/an_ancient_ke…. A lesson in real non-embargoed security.

Markus Vervier · Jun 19, 2017 · 5:29 PM UTC

Markus Vervier @marver

19 Jun 2017

Yup, what's funny is that we tested vfprintf to jump over the guard page on a grsecurity kernel. :) (even though the post says not affected)

PaX Team · Jun 19, 2017 · 6:02 PM UTC

PaX Team @paxteam

19 Jun 2017

what guard page? you mean the heap-stack gap?

Markus Vervier · Jun 19, 2017 · 6:05 PM UTC

Markus Vervier @marver

19 Jun 2017

What we tested is jumping the guard page between two thread stacks in userland. But you probably meant grsec is not affected in kernelland?

PaX Team · Jun 19, 2017 · 6:12 PM UTC

PaX Team · Jun 19, 2017 · 6:12 PM UTC

PaX Team @paxteam

19 Jun 2017

FYI, RAND_THREADSTACK != heap_stack_gap

Jun 19, 2017 · 6:12 PM UTC