oss-security - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Thu, 28 Feb 2013 09:31:40 +0100 (CET)
From: Jiri Kosina <jikos@...os.cz>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request - Linux kernel: VFAT slab-based buffer
 overflow

On Thu, 28 Feb 2013, Yves-Alexis Perez wrote:

> > > - not letting kernel dereference userspace pointers (and PMAP is
> > not 
> > >   available everywhere, unfortunately)
> > 
> > What do you mean by this?
> 
> This looks like PaX KERNEXEC/UDEREF (which uses segmentation on i386 and
> code instrumentation through gcc plugins on x86_64). 

Yes, exactly. You can now apparently also add ARM to the list of 
architectures where it's been made available [1] by the grsecurity folks.

[1] http://forums.grsecurity.net/viewtopic.php?f=7&t=3292

> On Ivy Bridge processors you have SMEP which will also prevent ring0 to
> execute code from unprivileged pages and on Haswell there will be SMAP
> which tries to prevent ring0 to access ring3 pages read/write when not
> needed (outside of copy_{to,from}_user for example but there are
> others).
> 
> But, as Jiri said, this is not available everywhere so people with more
> ancient hardware can't benefit from those extensions.

Yup, sorry for my typo above, I of course meant SMAP, not PMAP.

Thanks,

-- 
Jiri Kosina

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.