comex · Jun 21, 2017 · 3:43 AM UTC

comex @comex

21 Jun 2017

if I read between the lines of this @grsecurity post… PaX doesn’t have userland stack proving and thus isn’t immune, despite claim @ start?

PaX Team · Jun 21, 2017 · 11:01 AM UTC

PaX Team @paxteam

21 Jun 2017

what probing do you mean? the kernel doesn't do anything like that, it enforces a heap-stack gap instead (in PaX since 2010AD).

comex · Jun 21, 2017 · 7:40 PM UTC

comex @comex

21 Jun 2017

how large a gap?

PaX Team · Jun 21, 2017 · 8:47 PM UTC

PaX Team @paxteam

21 Jun 2017

it's in the advisory, did you read it? ;)

comex · Jun 21, 2017 · 8:50 PM UTC

comex @comex

21 Jun 2017

i see, 64kb. i suppose it’s the best you can do from the kernel, but the problem is thinking that the problem should be solved in the kernel

PaX Team · Jun 21, 2017 · 9:02 PM UTC

PaX Team · Jun 21, 2017 · 9:02 PM UTC

PaX Team @paxteam

21 Jun 2017

yes but it's admin settable. the kernel cannot solve this, it's a codegen issue fundamentallly, no different from NX/ASLR/etc.

Jun 21, 2017 · 9:02 PM UTC