Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CA+rthh_dsHVnDXv2HVBuhC=KWt_szOH-b84z4BQU4EiV0oVP8g@mail.gmail.com>
Date: Tue, 2 May 2017 23:28:07 +0200
From: Mathias Krause <minipli@...glemail.com>
To: bancfc@...nmailbox.org
Cc: kernel-hardening@...ts.openwall.com
Subject: Re: Re: It looks like there will be no more public
 versions of PaX and Grsec.

On 2 May 2017 at 16:22,  <bancfc@...nmailbox.org> wrote:
> Hi David, I read your paper [1] about how RAP wouldn't defend against
> data-only attacks. Do you plan on contributing your PT-Rand mitigation to
> KSPP?
>
> That was never mentioned in the grsec RAP announcements for obvious
> marketing reasons. With KERNSEAL not being public no one can verify its
> effectiveness either.

That's nonsense. RAP's scope was made clear from the beginning,
focusing on control flow integrity, i.e. prevent unintended code
reuse. Just look at [1], page 6 and see for yourself that data-only
attacks are out-of-scope for RAP.

[1] https://pax.grsecurity.net/docs/PaXTeam-H2HC15-RAP-RIP-ROP.pdf

Regards,
Mathias

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.