today reminds me again that BadBugs = BadHype
Replying to @edefic
@FrozenFire @bcantrill looks like someone should have learned of READ_IMPLIES_EXEC instead of adding that crap.
re: code.google.com/p/google-sec… PAX: size overflow detected in function xt_alloc_table_info net/netfilter/x_tables.c:659 decl: __kmalloc
Replying to @FUZxxl
@FUZxxl @grsecurity bug reports tend to work out better than twitter rants, just saying...
@rfc1149 can you reproduce it with frame pointers enabled and report the results on the forum instead?
Replying to @benhawkes
@benhawkes @grsecurity @happyfunstein which bugs do you claim to be not exploitable reliably (and based on what circumstances)?
Replying to @gannimo
@gannimo @grsecurity how do you know the content hasn't changed? a pdf is just as easy to edit as a text file.
Replying to @gannimo
@gannimo @grsecurity what counts as official? did you require it for other industrial work you referenced like the ExecShield pdf?
Replying to @gannimo
@gannimo @grsecurity the one on the homepage works fine (pageexec@freemail.hu). do the timestamps on the PaX doc page not suffice?
Replying to @gannimo
@gannimo @grsecurity the blog'll come, it just hasn't been of the highest priority. if you have questions, you can always email me.
Replying to @gannimo
@gannimo @grsecurity one would think that a paper on CFI would be *the* place to cite PaX in general and RAP in particular...
@picfim @grsecurity RAP scales from xen to linux to chromium (all implemented and tested) though fixing userland is for another life ;).
@picfim @grsecurity but as i said, supporting this would greatly eliminate the security value of RAP (think chromium vs. flash plugin).
@picfim @grsecurity the only way to support it is to remove the hash check, e.g., by marking the indirect transfer with an attribute.
@picfim @grsecurity the kernel's also special in that there're more opportunities to renew the xor cookie in infinite loops, etc.
@picfim @grsecurity as for patches, everything i threw RAP at so far needed fixes (i think you had the same experience ;).
@picfim @grsecurity depends on demand, for now i prefer full coverage and thus no exceptions. why should the type hash be moved anywhere?
@picfim @grsecurity linking works but indirect transfers to uninstrumented code fail the type hash check at runtime (this is by design).
Replying to @TKMatima
@p3t3_r3c0n @grsecurity there won't be one, but i'll eventually find the time to write a blog about it.
Replying to @thorstenholz
@thorstenholz @sqall01 @grsecurity sure, it reminds one of CVE-2007-0038 actually. and @gannimo was wondering why SafeStack isn't ;)