Thank you, Peter, for this concise description of the PAX_SIZE_OVERFLOW GCC plugin! Created in 2012, it was one of the first GCC plugins added to grsecurity. It was very advanced for its time, and in 2024, still is: lists.openwall.net/linux-har…
1
2
7
PaX Team retweeted
Thank you, Peter, for this concise description of the PAX_SIZE_OVERFLOW GCC plugin! Created in 2012, it was one of the first GCC plugins added to grsecurity. It was very advanced for its time, and in 2024, still is: lists.openwall.net/linux-har…
1
2
7
@domosauce check out usenix.org/system/files/sec2… and see if you can find the part that should ring a very old bell? :)
2
1
2
PaX Team retweeted
The purpose of the CVE system isn't a "first scrub" of potential issues based on automated commit message greps. You can't say the problem is a handful of bogus CVEs and also say the solution is to flood the system with 100x more of them and expect people to fix the created mess.
1
4
12
PaX Team retweeted
A weakness 23 years in the making: binaries and libraries built with an older toolchain act as timebombs against ASLR under "recent" Linux kernel and glibc changes.
Users: Check your exposure!
Developers: Rebuild binaries to achieve full ASLR benefit!
grsecurity.net/toolchain_nec…
5
33
2
62
PaX Team retweeted
A short Friday afternoon blog announcing a new version of paxtest with some useful new tests to get you ready for Monday! grsecurity.net/paxtest_relea…
12
20
PaX Team retweeted
Ow, the talks for #H2HC2023 are really looking amazing! Thanks to all who submitted and to our outstanding technical commitee!
@spendergrsec @paxteam @pinkflawd @matrosov @h2hconference
Acabamos de publicar mais 4 palestrantes. A grade da #H2HC2023 esta epica. 20 anos de @h2hconference h2hc.com.br
12
1
35
22 years after PAX_MPROTECT, with not even a mention : lore.kernel.org/lkml/2023101…
4
11
1
38
Very nice! Is there a blog post explaining the principles and ideals/goals grsec takes when building mitigations? Say, how do you avoid building "just" speed bumps? @spendergrsec @_minipli
Here's a short new blog from @_minipli on the results of our exploit review applied to a recently-described in-the-wild Android kernel exploit.
It shows how we use our compiler-based defenses to land security improvements for customers quickly:
grsecurity.net/constify_fast…
2
1
7
PaX Team retweeted
Here's a short new blog from @_minipli on the results of our exploit review applied to a recently-described in-the-wild Android kernel exploit.
It shows how we use our compiler-based defenses to land security improvements for customers quickly:
grsecurity.net/constify_fast…
28
1
43
PaX Team retweeted
It's been reported this week that Linux is sunsetting its six-year XLTS experiment started in 2017. Going forward, newly chosen upstream LTS kernels will only receive two years support. See how grsecurity's three-year LTS can help affected businesses: grsecurity.net/stability_in_…
9
2
25
finally I made #gcc plugin to collect struct/classes fields & virtual methods calls cross-references, part 1: redplait.blogspot.com/2023/0…
plugin src: github.com/redplait/dwarfdum…
1
5
20
the accuracy
btw code can be omitted not only due to dce, but for example can be converted to ordinary non-virtual call - see ipa-devirt.cc in gcc src
1
you cannot be sure that code at GIMPLE stage will be places in real native code. this is general compilers problem, llvm has it too - see for example blog.trailofbits.com/2023/07…
from OBJ_TYPE_REF you can extract types of object and called method but not name of method
1
why does DCE matter? you can just discard the information you don't need? as for the method name, you can extract the base class info from the 'this' arg type then parsing TYPE_BINFO/BINFO_VIRTUALS/etc will get you method names.
1
i see, for call sites i'd look at gimple instead, IMHO it's easier to find and analyze those GIMPLE_CALLs to vmethods (OBJ_TYPE_REF models the target of the call).
1
...and with some more work kvmclock and similar users won't need to change at all :)
KERNSEAL infrastructure, building upon a number of earlier design choices, makes it nearly trivial to achieve some impressive security goals.
With a small change to kvmclock, we now have KVM where none of the guest memory is mapped/accessible at the hypervisor level at all!
2
3
8
PaX Team retweeted
If you've been noticing your >= 5.4 LTS Linux kernel from the last month rarely/randomly hang forever at boot, it's not just you. @_minipli tracked down the culprit and provides a root cause analysis here: lore.kernel.org/lkml/5a56290…
1
6
1
43
