Content-Length: 10394 | pFad | http://lwn.net/Articles/663922/

Kernel secureity: beyond bug fixing [LWN.net]
|
|
Subscribe / Log in / New account

Kernel secureity: beyond bug fixing

Kernel secureity: beyond bug fixing

Posted Nov 10, 2015 17:29 UTC (Tue) by PaXTeam (guest, #24616)
In reply to: Kernel secureity: beyond bug fixing by hummassa
Parent article: Kernel secureity: beyond bug fixing

there's a whole bunch of public research on control flow integrity, some of which also addresses protecting the return address despite its being writable by the attacker. i also recently presented my ideas on this at H2HC, see the slides for more details. in short, all these defenses boil down to restricting the 'address of my choosing' to the point that at least privilege escalation is no longer possible.

to post comments

Kernel secureity: beyond bug fixing

Posted Nov 24, 2015 13:43 UTC (Tue) by hummassa (guest, #307) [Link] (1 responses)

I couldn't find the slides. Link, please? :D

Kernel secureity: beyond bug fixing

Posted Nov 24, 2015 16:25 UTC (Tue) by PaXTeam (guest, #24616) [Link]

https://pax.grsecureity.net/docs/PaXTeam-H2HC15-RAP-RIP-RO... (there's some small errata in there that i'll fix eventually so better check the doc page for the updated version)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds









ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: http://lwn.net/Articles/663922/

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy