Kernel Exploit

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Kernel Exploit

Postby dexta » Fri Oct 18, 2002 1:19 am

http://www.linuxsecurity.com/articles/i ... -5933.html

This is what i've read this morning, i just wanted to know if the grsec team does know about this and if this gets patched with the current/upcomming version of grsec?!

thanks :) i'm scared about those news :)
dexta
 
Posts: 3
Joined: Thu Oct 17, 2002 3:37 pm

Re: Kernel Exploit

Postby PaX Team » Fri Oct 18, 2002 9:04 am

dexta wrote:This is what i've read this morning, i just wanted to know if the grsec team does know about this and if this gets patched with the current/upcomming version of grsec?!

I think that there is a bit of misunderstanding here about what grsecurity does. First i suggest that you check out http://www.grsecurity.net/papers.php , in particular the LSM2002 presentation slides. From that it should be clear that grsecurity (or PaX) is not a kernel (or userland) auditing/bugfixing project, rather it tries to prevent/detect/contain exploits. This is not to say that they (or we for that matter) don't occasionally read and check various pieces of code, but that's not the primary goal and is mainly for ensuring proper operation between the kernel/userland and our changes (i.e. we at most look for design bugs, not implementation ones).

Now as for that particular ABfrag stuff. So far there is no known/real binary available, only virus infected/fake ones. Nor is there are any credible/verifiable information available on the supposed kernel bug (not saying though that one or more do not exist). What can (and eventually will) be done about kernel exploits is the duplication of some of the userland protection features, namely non-executable pages and the equivalent of the mprotect/mmap restrictions (that is, strict control over the introduction of new executable code and the changing of execution flow).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby spender » Fri Oct 18, 2002 9:14 am

Also, there is no 2.4.20-pre20. The latest is 2.4.20-pre11. The post was clearly fake, one of the several to crop up recently. Shame on linuxsecurity for spreading this filth.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

got hysterical ;>

Postby dexta » Fri Oct 18, 2002 9:24 am

sorry guys, just got very hysterical this morning after reading this article :)
dexta
 
Posts: 3
Joined: Thu Oct 17, 2002 3:37 pm


Return to grsecurity support

cron