comex · Jun 21, 2017 · 3:43 AM UTC

comex @comex

21 Jun 2017

if I read between the lines of this @grsecurity post… PaX doesn’t have userland stack proving and thus isn’t immune, despite claim @ start?

PaX Team · Jun 21, 2017 · 11:01 AM UTC

PaX Team @paxteam

21 Jun 2017

what probing do you mean? the kernel doesn't do anything like that, it enforces a heap-stack gap instead (in PaX since 2010AD).

comex · Jun 21, 2017 · 7:40 PM UTC

comex @comex

21 Jun 2017

how large a gap?

PaX Team · Jun 21, 2017 · 8:47 PM UTC

PaX Team @paxteam

21 Jun 2017

it's in the advisory, did you read it? ;)

comex · Jun 21, 2017 · 8:50 PM UTC

comex @comex

21 Jun 2017

i see, 64kb. i suppose it’s the best you can do from the kernel, but the problem is thinking that the problem should be solved in the kernel

comex · Jun 21, 2017 · 8:50 PM UTC

comex @comex

21 Jun 2017

and then claiming it is solved when it’s not :)

PaX Team · Jun 21, 2017 · 9:03 PM UTC

PaX Team · Jun 21, 2017 · 9:03 PM UTC

PaX Team @paxteam

21 Jun 2017

of course you're welcome to prove us wrong but if beating RAP's taking this long, i'm not holding my breath here either ;).

Jun 21, 2017 · 9:03 PM UTC

comex · Jun 21, 2017 · 9:05 PM UTC

comex @comex

21 Jun 2017

to be clear, you are claiming that there are zero stack jumping vulnerabilities in common programs that can be exploited with PaX?

comex · Jun 21, 2017 · 9:06 PM UTC

comex @comex

21 Jun 2017

because you know perfectly well that’s not true, even though I’m happy to admit that a large percentage of scenarios are saved by PaX