PaX Team · Oct 1, 2016 · 7:32 PM UTC

PaX Team

Load newest

PaX Team @paxteam

1 Oct 2016

blame is what you're trying to do, identifying the root cause isn't ;).

PaX Team · Oct 1, 2016 · 7:30 PM UTC

PaX Team @paxteam

1 Oct 2016

it's not a bug but a problem with gcc (recognized by gcc devs too).

PaX Team · Oct 1, 2016 · 7:10 PM UTC

PaX Team @paxteam

1 Oct 2016

defenses don't create bugs, humans do ;).

PaX Team · Oct 1, 2016 · 7:08 PM UTC

PaX Team @paxteam

1 Oct 2016

no, the first problem (not bug per se) was due to gcc internals, the defense itself was fine.

PaX Team · Oct 1, 2016 · 6:31 PM UTC

PaX Team @paxteam

1 Oct 2016

there're many bugs our defenses caught over the years, just browse lkml or our forums.

PaX Team · Oct 1, 2016 · 6:29 PM UTC

PaX Team @paxteam

1 Oct 2016

no, the bug was human error, whereas the defense was automated.

PaX Team · Oct 1, 2016 · 6:13 PM UTC

PaX Team @paxteam

1 Oct 2016

Replying to @Evil_X_ @rootkovska

size overflow, RAP, etc work in userland too and we're not done yet ;).

PaX Team · Oct 1, 2016 · 6:11 PM UTC

PaX Team @paxteam

1 Oct 2016

sure, it's proven itself time and again, not many defenses can say the same.

PaX Team · Oct 1, 2016 · 6:08 PM UTC

PaX Team @paxteam

1 Oct 2016

Replying to @rootkovska

they have the same computing power. that's where unbreakable sandboxes come into the picture. the race's on ;).

PaX Team · Oct 1, 2016 · 6:03 PM UTC

PaX Team @paxteam

1 Oct 2016

@lolhaq @Snowden @subgraph @QubesOS @marcan42 that's a great example of how our defenses protect against even our own bugs. thanks!

PaX Team · Oct 1, 2016 · 5:30 PM UTC

PaX Team @paxteam

1 Oct 2016

Replying to @i0n1c

that wouldn't be a fix since you can't click what doesn't exist ;).

PaX Team · Oct 1, 2016 · 5:28 PM UTC

PaX Team @paxteam

1 Oct 2016

Replying to @rootkovska

sure, that's the whole raison d'etre of my work.

PaX Team · Oct 1, 2016 · 5:15 PM UTC

PaX Team @paxteam

1 Oct 2016

Replying to @rootkovska

and PaX is more than memory corruption prevention. think grsec, sandboxes, etc. it's just not me who does all the work ;).

PaX Team · Oct 1, 2016 · 5:02 PM UTC

PaX Team @paxteam

1 Oct 2016

Replying to @Snowden @subgraph @QubesOS

the whole point of PaX is that you *can* click any OK button without getting owned. not there yet but close :).

PaX Team · Jul 19, 2016 · 11:18 AM UTC

PaX Team @paxteam

19 Jul 2016

Replying to @kangsterizer

'free' in english is ambiguous, see gnu.org/philosophy/free-sw.h…

PaX Team · Jul 18, 2016 · 7:07 PM UTC

PaX Team @paxteam

18 Jul 2016

Replying to @kangsterizer

so the stable code is libre but not gratuit. i find the use of 'freely' in that context rather disingenuous.

PaX Team · Jul 18, 2016 · 7:06 PM UTC

PaX Team @paxteam

18 Jul 2016

Replying to @kangsterizer

perhaps something got lost in translation as the license never changed, it's still GPLv2 (that of the kernel).

PaX Team · Jun 22, 2016 · 1:09 PM UTC

PaX Team @paxteam

22 Jun 2016

but if you know of a better way that also meets the other features of RAP (e.g., performance, scalability), do share.

PaX Team · Jun 22, 2016 · 1:08 PM UTC

PaX Team @paxteam

22 Jun 2016

and with type diversification (programmer action) it can be arbitrarily refined to approach the intended CFG.

PaX Team · Jun 22, 2016 · 1:07 PM UTC

PaX Team @paxteam

22 Jun 2016

the RAP type hash extracts the maximum information i could think of and what the languges allow.