grsecurity forums

Skip to content

CC_STACKPROTECTOR and PaX

Discuss and suggest new grsecurity features
Topic locked

CC_STACKPROTECTOR and PaX

Postby ncuk » Sat Aug 20, 2011 9:20 pm

I was recently going through the Kconfig with pax and grsecurity. One question I have is this: Whis is CC_STACKPROTECTOR disabled if UDEREF is enabled? This may be silly, but would be good to know.
ncuk
 
Posts: 1
Joined: Sat Aug 20, 2011 9:17 pm
Top

Re: CC_STACKPROTECTOR and PaX

Postby PaX Team » Sun Aug 21, 2011 6:55 am

ncuk wrote:Whis is CC_STACKPROTECTOR disabled if UDEREF is enabled?
due to a change in UDEREF/i386 the gs register is permanently needed in the kernel (to properly track/enforce the task address limit even across kernel re-entries and to prevent exploitation of bugs like CVE-2010-4258) and that excludes its use for SSP.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
Top

Re: CC_STACKPROTECTOR and PaX

Postby tjh » Tue Sep 27, 2011 4:59 pm

http://www.redhat.com/security/data/cve ... -4258.html
tjh
 
Posts: 102
Joined: Sat Oct 16, 2004 8:19 pm
Top
Topic locked

Return to grsecurity development

Powered by phpBB® Forum Software © phpBB Group