dexta wrote:This is what i've read this morning, i just wanted to know if the grsec team does know about this and if this gets patched with the current/upcomming version of grsec?!
I think that there is a bit of misunderstanding here about what grsecurity does. First i suggest that you check out
http://www.grsecurity.net/papers.php , in particular the LSM2002 presentation slides. From that it should be clear that grsecurity (or PaX) is not a kernel (or userland) auditing/bugfixing project, rather it tries to prevent/detect/contain exploits. This is not to say that they (or we for that matter) don't occasionally read and check various pieces of code, but that's not the primary goal and is mainly for ensuring proper operation between the kernel/userland and our changes (i.e. we at most look for design bugs, not implementation ones).
Now as for that particular ABfrag stuff. So far there is no known/real binary available, only virus infected/fake ones. Nor is there are any credible/verifiable information available on the supposed kernel bug (not saying though that one or more do not exist). What can (and eventually will) be done about kernel exploits is the duplication of some of the userland protection features, namely non-executable pages and the equivalent of the mprotect/mmap restrictions (that is, strict control over the introduction of new executable code and the changing of execution flow).
Posted: Fri Oct 18, 2002 1:19 am