Full Disclosure mailing list archives
Re: Partial pointer leaks
From: Christophe Hauser <christophe () cs ucsb edu>
Date: Fri, 6 Mar 2015 17:13:26 -0800
On Thu, Mar 05, 2015 at 10:42:15AM -0800, Robert Święcki wrote:
I'm not sure if that's what you look for, but certain perf operations leak one or two addresses from the kernel space in the default Ubuntu configuration. It's possible to write a short PoC, but it might take a few mins, instead feel free to to compile and use https://code.google.com/p/honggfuzz/source/checkout - which serves other purpose, but uses perf as well. This behavior could be well by design though, I haven't checked yet. It will only work under newer Intel CPUs BTW. $ ~/src/honggfuzz/honggfuzz -n1 -N1 -d4 -s -Dp -- /bin/true | cut -f9 -d" " | grep ffffffff | sort | uniq 0xffffffff8178ad82 0xffffffff8178ba47 # Remove the last 4 bits here $ sudo grep ffffffff8178ad8. /boot/System.map-3.16.0-31-generic ffffffff8178ad85 t sysret_careful $ sudo grep ffffffff8178ba47 /boot/System.map-3.16.0-31-generic ffffffff8178ba47 T native_irq_return_iret HTH
Hi Robert, thank you, this is very interesting and seems to be one potential occurrence of what I am looking for. Nice tool by the way ! -- Christophe
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Partial pointer leaks Christophe Hauser (Mar 04)
- Re: Partial pointer leaks Robert Święcki (Mar 06)
- Re: Partial pointer leaks Christophe Hauser (Mar 07)
- Re: Partial pointer leaks Gil Besso (Mar 08)
- Re: Partial pointer leaks Christophe Hauser (Mar 07)
- Re: Partial pointer leaks Robert Święcki (Mar 06)