grsecurity · Jan 24, 2018 · 12:34 AM UTC

grsecurity

grsecurity @grsecurity

24 Jan 2018

We continue to work on the 4.4 backport of UDEREF, completely replacing KAISER and making us unaffected by any future issues discovered in the upstream backported code. A customer-only knowledge base has been launched at grsecurity.net/docs/ with the latest info #grsecurity

Jörg Rödel (@joro@fosstodon.org) · Jan 26, 2018 · 12:20 PM UTC

Jörg Rödel (@joro@fosstodon.org) @joergroedel

26 Jan 2018

Not affected by upstream bugs, but still by #Meltdown marc.info/?l=linux-kernel&m=…

PaX Team · Jan 26, 2018 · 2:00 PM UTC

PaX Team · Jan 26, 2018 · 2:00 PM UTC

PaX Team @paxteam

26 Jan 2018

Replying to @joergroedel @grsecurity

i backported our UDEREF/amd64 solution to 4.4 since it's a natural fit for address space separation (have had the logic for other purposes since 2009 or so). as for i386, how do you know if the segmentation based approach fails on CPUs that aren't 64 bit capable?

Jan 26, 2018 · 2:00 PM UTC

Jörg Rödel (@joro@fosstodon.org) · Jan 26, 2018 · 3:18 PM UTC

Jörg Rödel (@joro@fosstodon.org) @joergroedel

26 Jan 2018

Replying to @paxteam @grsecurity

Doesn't matter. There are people running 32-bit kernels on 64-bit capable hardware too.

PaX Team · Jan 26, 2018 · 3:30 PM UTC

PaX Team @paxteam

26 Jan 2018

and which one of those processors cannot rely on the segmentation based approach?