KERNSEAL?

Posted: Wed May 16, 2007 12:54 am
by ralphy
After reading spender's interesting post on Full Disclosure, I was curious about:

"PaX is also still the only project that focuses at all on preventing kernel exploits as well with its KERNEXEC (and soon, KERNSEAL) feature. Expect OpenBSD to independently invent a protection against null ptr deref bugs sometime in 2009."


I couldn't find much information on this (as was to be expected since I'm assuming, of course, it's still in the works); however, I did stumble upon "kernseal.txt 2003.05.01 14:20 GMT sealed kernel storage design & implementation" on the PaX documentation page. I'm really curious; can we expect this new feature in the next release? Sounds pretty interesting in my opinion, so you can imagine my excitement in waiting for details. :)

Love the OpenBSD remark by the way. :)

Re: KERNSEAL?

Posted: Wed May 16, 2007 5:53 pm
by PaX Team
ralphy wrote: I couldn't find much information on this (as was to be expected since I'm assuming, of course, it's still in the works); however, I did stumble upon "kernseal.txt 2003.05.01 14:20 GMT sealed kernel storage design & implementation" on the PaX documentation page.
it's my honeypot to catch the smarter web surfers that look at the html source and construct a URL by hand. more seriously, it's all vaporware right now, so i'd rather not raise too much interest in it until i have something that actually works (and it may turn out to not work well or at all). the problem KERNSEAL sets out to solve is kernel self-protection, that is, assuming arbitrary read/write access to kernel memory (by some bug, but for all i care, it could even be a mode 777 /dev/mem as well), the goal is to prevent privilege elevation (vs. privilege abuse which is an even harder problem to solve).
I'm really curious; can we expect this new feature in the next release?
no, it's probably a year away, at least that's how much i gave myself when i went into 'voluntary unemployment'.

Posted: Thu May 17, 2007 12:30 am
by ralphy
Aha, thanks :)