Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 28 Feb 2013 07:57:30 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request - Linux kernel: VFAT slab-based
 buffer overflow

On mer., 2013-02-27 at 15:57 -0800, Greg KH wrote:
> > - not letting kernel dereference userspace pointers (and PMAP is
> not 
> >   available everywhere, unfortunately)
> 
> What do you mean by this?

This looks like PaX KERNEXEC/UDEREF (which uses segmentation on i386 and
code instrumentation through gcc plugins on x86_64). 

On Ivy Bridge processors you have SMEP which will also prevent ring0 to
execute code from unprivileged pages and on Haswell there will be SMAP
which tries to prevent ring0 to access ring3 pages read/write when not
needed (outside of copy_{to,from}_user for example but there are
others).

But, as Jiri said, this is not available everywhere so people with more
ancient hardware can't benefit from those extensions.

Regards,
-- 
Yves-Alexis

Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.