nitter
PaX Team
@paxteam
pax.grsecurity.net/
Joined February 2010
Tweets
548
Following
2
Followers
2,766
Likes
35
Tweets
Tweets & Replies
Media
Search
Load newest
PaX Team
@paxteam
6 Feb 2017
Replying to
@ochsff
4.10 is around the corner, afterwards it's time for 4.4. gives us time to find out any outstanding issues too.
PaX Team
@paxteam
6 Feb 2017
Replying to
@justinschuh
@InfiltrateCon
i'm told that you'll find your match there :)
1
PaX Team
@paxteam
6 Feb 2017
today's grsecurity release for linux 4.9 adds the promised return checking to the public version of RAP:
grsecurity.net/rap_announce_…
@epakskape
3
97
2
74
PaX Team
@paxteam
15 Dec 2016
Replying to
@epakskape
excellent, now all you need is RAP and you're the best in the business ;). congrats, you 'got it' before anyone else!
1
1
8
PaX Team
@paxteam
15 Dec 2016
Replying to
@epakskape
is it as strong as MPROTECT+SDCG would be?
1
PaX Team
@paxteam
14 Dec 2016
undergrad C test by the linux stable series maintainer (
@gregkh
):
openwall.com/lists/kernel-ha…
1
8
6
PaX Team
@paxteam
24 Oct 2016
Replying to
@solardiz
@nelhage
@DirtyCOWVuln
sry, was too terse, it applies to executable and RELRO mappings only. not that if any of that matters here.
1
PaX Team
@paxteam
22 Oct 2016
Replying to
@nelhage
@DirtyCOWVuln
MPROTECT in PaX prevents that.
1
2
1
5
PaX Team
@paxteam
2 Oct 2016
Replying to
@rootkovska
what about device VMs, can they run in vmx or only as paravirt?
PaX Team
@paxteam
2 Oct 2016
as for what GRKERNSEC_CONFIG_AUTO does, read the config help instead of guessing ;).
PaX Team
@paxteam
2 Oct 2016
you said it was enabled by default, now you're saying it's not? confused...
PaX Team
@paxteam
2 Oct 2016
Replying to
@rootkovska
in xen/hvm everything should work i think, only paravirt (dom0) is problematic for KERNEXEC/UDEREF.
1
5
PaX Team
@paxteam
2 Oct 2016
Replying to
@micahflee
i doubt grsec detects ret2libc anywhere in userland, you'd need something like RAP to recompile userland first (works here ;).
PaX Team
@paxteam
1 Oct 2016
Replying to
@mkolsek
@thegrugq
@Snowden
@subgraph
@QubesOS
i don't think i ever wrote about the big picture, maybe one day...
PaX Team
@paxteam
1 Oct 2016
where did i say Kconfig?
PaX Team
@paxteam
1 Oct 2016
that's not PaX, and it's not default on, see the 'if' part? config_auto is off by default.
PaX Team
@paxteam
1 Oct 2016
good thing we don't have any such plugins ;).
PaX Team
@paxteam
1 Oct 2016
by default everything is off and patches are welcome for better wording.
PaX Team
@paxteam
1 Oct 2016
gcc's plugin architecture makes it impossible, but i told you that before, didn't i?
PaX Team
@paxteam
1 Oct 2016
and when did i not deal with 'it'? (your not reading the docs isn't my fault but yours)
1
Load more