oss-sec mailing list archives
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
From: Jiri Kosina <jikos () jikos cz>
Date: Thu, 28 Feb 2013 01:31:56 +0100 (CET)
On Wed, 27 Feb 2013, Greg KH wrote:
> > > If you know of any other ways that we can do this, please let us know.
> >
> > - W^X
>
> I thought we tried this, and had to revert it due to problems it caused with some dynamic code generators. Or am I totally mistaken here?
Userspace is problematic in this respect, agreed (because of all the JIT stuff, for example). I am speaking more in terms of kernel now. I.e. having clear separation of kernel RO-data and kernel code. Basically what grsecurity/PAX is doing with their CONFIG_PAX_KERNEXEC, but with hardware support whenever possible (i.e. minimizing runtime performance penalty).
> > - not letting kernel dereference userspace pointers (and PMAP is not available everywhere, unfortunately)
>
> What do you mean by this?
If you trick kernel into dereferencing pointer outside its mapped space (i.e. address lower than TASK_SIZE, thus fully controlled by potentially evil userspace), it'll happily do that (modulo incomplete counter-measures, such as vm.mmap_min_addr sysctl).

Thanks,

--
Jiri Kosina
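The vm.mmap_min_addr counter-measure mentioned in the message above can be audited from userspace. The following C program is an added example, not part of the original message or of any kernel code; the function names `read_min_addr`, `can_map_at` and `verdict` are hypothetical. It reads the sysctl and asks the kernel for a page at address zero to see whether the request is refused.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

/* Read the vm.mmap_min_addr value from `path`; -1 if unreadable. */
long read_min_addr(const char *path)
{
    long v = -1;
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    if (fscanf(f, "%ld", &v) != 1 || v < 0)
        v = -1;
    fclose(f);
    return v;
}

/* Ask for one anonymous page at exactly `addr`; 1 if granted, 0 if refused. */
int can_map_at(uintptr_t addr)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)addr, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    munmap(p, len);
    return 1;
}

/* 0: low memory is off limits to this process, 1: it is mappable, -1: unknown. */
int verdict(long min_addr, int mapped)
{
    if (mapped || min_addr == 0)
        return 1;
    return min_addr < 0 ? -1 : 0;
}

int main(void)
{
    long min_addr = read_min_addr("/proc/sys/vm/mmap_min_addr");
    int mapped = can_map_at(0);   /* page zero, where a NULL dereference lands */
    printf("vm.mmap_min_addr = %ld, page zero mappable = %d, verdict = %d\n",
           min_addr, mapped, verdict(min_addr, mapped));
    return verdict(min_addr, mapped) == 0 ? 0 : 1;
}
```

A verdict of 1 on a host where the sysctl is non-zero means the process running the check is privileged enough to bypass the limit, which is one reason the message calls the counter-measure incomplete.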