
List:       oss-security
Subject:    Re: [oss-security] CVE request - Linux kernel: VFAT slab-based buffer overflow
From:       Jiri Kosina <jikos () jikos ! cz>
Date:       2013-02-28 8:31:40
Message-ID: alpine.LRH.2.00.1302280930200.30582 () twin ! jikos ! cz

On Thu, 28 Feb 2013, Yves-Alexis Perez wrote:

> > > - not letting kernel dereference userspace pointers (and PMAP is not
> > >   available everywhere, unfortunately)
> > 
> > What do you mean by this?
> 
> This looks like PaX KERNEXEC/UDEREF (which uses segmentation on i386 and
> code instrumentation through gcc plugins on x86_64). 

Yes, exactly. You can now apparently also add ARM to the list of 
architectures where it's been made available [1] by the grsecurity folks.

[1] http://forums.grsecurity.net/viewtopic.php?f=7&t=3292

> On Ivy Bridge processors you have SMEP which will also prevent ring0 to
> execute code from unprivileged pages and on Haswell there will be SMAP
> which tries to prevent ring0 to access ring3 pages read/write when not
> needed (outside of copy_{to,from}_user for example but there are
> others).
> 
> But, as Jiri said, this is not available everywhere so people with more
> ancient hardware can't benefit from those extensions.

Yup, sorry for my typo above, I of course meant SMAP, not PMAP.

Thanks,

-- 
Jiri Kosina
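
Added example, not part of the original message or of any kernel code: a small C program that checks whether an x86 CPU advertises SMEP and SMAP via CPUID leaf 7 (EBX bit 7 and bit 20), plus a whole-token matcher for a /proc/cpuinfo "flags" line, which shows the kernel's view. The names smxp, decode_leaf7_ebx, has_flag and query_cpu are hypothetical.

```c
/* Added example: SMEP/SMAP availability check (helper names are hypothetical). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif
#define LEAF7_EBX_SMEP (1u << 7)   /* CPUID.(EAX=7,ECX=0):EBX bit 7  */
#define LEAF7_EBX_SMAP (1u << 20)  /* CPUID.(EAX=7,ECX=0):EBX bit 20 */
struct smxp { int smep, smap; };

/* Decode both feature bits from a raw EBX value of CPUID leaf 7. */
struct smxp decode_leaf7_ebx(uint32_t ebx)
{
    struct smxp r = { (ebx & LEAF7_EBX_SMEP) != 0, (ebx & LEAF7_EBX_SMAP) != 0 };
    return r;
}

/* Whole-token match in a /proc/cpuinfo "flags" line, so a flag name
 * embedded in a longer token does not count. */
int has_flag(const char *flags, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = flags; (p = strstr(p, name)) != NULL; p += n) {
        int start_ok = p == flags || p[-1] == ' ' || p[-1] == '\t';
        int end_ok = p[n] == '\0' || p[n] == ' ' || p[n] == '\n';
        if (start_ok && end_ok) return 1;
    }
    return 0;
}

/* Ask the running CPU; -1 means not x86 or leaf 7 is unsupported. */
int query_cpu(struct smxp *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (__get_cpuid_max(0, NULL) < 7) return -1;
    __cpuid_count(7, 0, a, b, c, d);
    *out = decode_leaf7_ebx(b);
    return 0;
#else
    (void)out; return -1;
#endif
}

int main(void)
{
    struct smxp f;
    if (query_cpu(&f) != 0) { puts("CPUID leaf 7 unavailable"); return 1; }
    printf("SMEP: %d  SMAP: %d\n", f.smep, f.smap);
    return 0;
}
```

CPUID reports what the hardware offers; the flags line in /proc/cpuinfo reflects what the running kernel reports for that CPU.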