Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 22 Jul 2019 21:40:38 +0200
From: Adam Zabrocki <pi3@....com.pl>
To: lkrg-users@...ts.openwall.com
Subject: Re: LKRG 0.7 CI & ED bypass

> CI timer is a periodic job with 15 seconds period by default so I don???t see the reason why
> it isn???t possible to launch the exploit when CI is not yet started. Lucky you, but it works
> well on my VM :-)

CI is not only triggered on timer. I've made a test where I've completely 
disabled timer, and still LKRG's CI was able to catch that. Mostly, because 
LKRG's CI can also be executed on the random events in the system which are 
generated by the nature of the bug.

Nevertheless, I've tried to reproduce your environment by disabling SMEP, 
disabling CI timer and also disabling CI on random events in the system. I 
still was not able to reproduce your bypass instead I'm getting critical kernel 
panic (usually fatal exception in interrupt). Can you share a screenshot from 
your tests where LKRG is running?

Thanks,
Adam

-- 
pi3 (pi3ki31ny) - pi3 (at) itsec pl
http://pi3.com.pl

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.