oss-sec mailing list archives
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
From: Jiri Kosina <jikos () jikos cz>
Date: Thu, 28 Feb 2013 09:31:40 +0100 (CET)
On Thu, 28 Feb 2013, Yves-Alexis Perez wrote:
- not letting kernel dereference userspace pointers (and PMAP isnotavailable everywhere, unfortunately)What do you mean by this?This looks like PaX KERNEXEC/UDEREF (which uses segmentation on i386 and code instrumentation through gcc plugins on x86_64).
Yes, exactly. You can now apparently also add ARM to the list of architectures where it's been made available [1] by the grsecurity folks. [1] http://forums.grsecurity.net/viewtopic.php?f=7&t=3292
On Ivy Bridge processors you have SMEP which will also prevent ring0 to
execute code from unprivileged pages and on Haswell there will be SMAP
which tries to prevent ring0 to access ring3 pages read/write when not
needed (outside of copy_{to,from}_user for example but there are
others).
But, as Jiri said, this is not available everywhere so people with more
ancient hardware can't benefit from those extensions.
Yup, sorry for my typo above, I of course meant SMAP, not PMAP. Thanks, -- Jiri Kosina
Current thread:
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow, (continued)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Mar 01)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Tim (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 28)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)