PaX Team · Jan 20, 2016 · 1:21 PM UTC

PaX Team @paxteam

20 Jan 2016

Replying to @sqall01

@sqall01 @thorstenholz @grsecurity depends on the content, if javascript is involved then definitely yes.

PaX Team · Jan 20, 2016 · 11:07 AM UTC

PaX Team @paxteam

20 Jan 2016

@thorstenholz @grsecurity note that ASLR wasn't designed as a defense against local attacks: forums.grsecurity.net/viewto…

PaX Team · Jan 19, 2016 · 2:28 PM UTC

PaX Team @paxteam

19 Jan 2016

@WadeMealing @grsecurity like Exec-Shield or 4:4 were? ;)

PaX Team · Jan 19, 2016 · 12:55 PM UTC

PaX Team @paxteam

19 Jan 2016

@grsecurity PAX: refcount overflow occured at: prepare_creds+0x7f/0xf0

PaX Team · Jan 19, 2016 · 12:55 PM UTC

PaX Team @paxteam

19 Jan 2016

@grsecurity PAX: refcount overflow detected in: cve_2016_0728:28704, uid/euid: 0/0

PaX Team · Jan 10, 2016 · 3:17 PM UTC

PaX Team @paxteam

10 Jan 2016

@gannimo @grsecurity @stevecheckoway also so far you failed to prove that real life printf is TC. so either retract or provide proof.

PaX Team · Jan 10, 2016 · 3:15 PM UTC

PaX Team @paxteam

10 Jan 2016

Replying to @gannimo

@gannimo @grsecurity @stevecheckoway you said it was TC complete according to spec and since real life printf isn't... logic 101.

PaX Team · Jan 10, 2016 · 11:21 AM UTC

PaX Team @paxteam

10 Jan 2016

Replying to @gannimo

@gannimo @grsecurity @stevecheckoway RE:memcpy-like functions, they're leaves and unusable for CFB dispatching under RAP. CFB can RIP too ;)

PaX Team · Jan 10, 2016 · 11:20 AM UTC

PaX Team @paxteam

10 Jan 2016

Replying to @gannimo

@gannimo @grsecurity @stevecheckoway so you admit that printf itself according to real life deployments is NOT exploitable at all?

PaX Team · Dec 15, 2015 · 5:24 PM UTC

PaX Team @paxteam

15 Dec 2015

Replying to @copumpkin

@copumpkin @grsecurity one of them is... :)

PaX Team · Dec 14, 2015 · 9:12 PM UTC

PaX Team @paxteam

14 Dec 2015

PaX Team · Oct 21, 2015 · 12:39 AM UTC

PaX Team @paxteam

21 Oct 2015

RAP: RIP ROP