GrSecurity: The Truth About Linux 4.6 [Security]
-
Originally posted by Hunger.hu
Nope. The PaX Size Overflow plugin found it.
HTH

still no audit
Last edited by pal666; 16 May 2016, 01:04 PM.
Comment
-
Originally posted by pal666
plugin crashed

The plugin instruments extra checks into the kernel code at compile time. At run time these extra checks detected the integer underflow and triggered a deterministic panic().
If he uses the "pax_size_overflow_report_only" kernel parameter, then it does not call the panic() function; it just logs the detected underflow to the kernel buffer (dmesg) and the system keeps running. Nothing crashes here.
Comment
-
Originally posted by Hunger.hu
Nope. Plugin does not crash.
The plugin instruments extra checks into the kernel code at compile time. At run time these extra checks detected the integer underflow and triggered a deterministic panic().
If he uses the "pax_size_overflow_report_only" kernel parameter, then it does not call the panic() function; it just logs the detected underflow to the kernel buffer (dmesg) and the system keeps running. Nothing crashes here.

Last edited by pal666; 16 May 2016, 07:48 PM.
- Likes 1
Comment
-
Originally posted by stevenc
But was that unsigned < 0 comparison in the grsecurity patch, or in the vanilla kernel?

Last edited by starshipeleven; 17 May 2016, 10:45 AM.
Comment
-
Originally posted by pal666
why are you telling me all of this? i know this and this is irrelevant, because: 1) all the plugin did for him is crash. 2) plugin did not find comparison. 3) comparison was found by bug reporter. 4) comparison was broken by grsecurity patch which obviously had zero audit. 5) do not try to post random bullshit again

1) It was a managed exception. The system integrator has the choice to only log this type of integer under- and overflow with the "pax_size_overflow_report_only" kernel parameter, or to get a safer panic() call to circumvent a potential privilege escalation attack. This choice depends on the result of a risk analysis (Integrity vs. Availability). Without risk management, the PaX Size Overflow GCC plugin is not recommended for production use.
2) The comparison and the underflow do not call panic() and do not crash. He would find nothing without this feature. This plugin detected the underflow and he thought it was a vulnerability. Not every integer under- and overflow has security implications. This was a false positive which triggered the plugin to report, but it was no real security issue. He cannot use this integer underflow for privilege escalation attacks.
3) The kid used this plugin without any knowledge of it. He enabled every option in the Grsecurity kernel config. One of the Grsec features is this plugin, which - again - is not for production use. If he used only a vanilla kernel but with CONFIG_KMEMCHECK, he would get similar results: kernel panics and heavy slowdowns. Is that a problem of vanilla kernels? Nope. The KmemCheck feature is for developers and kernel hackers, not for average users. The PaX Size Overflow GCC plugin is for experts too and not for average users.
Experts can use the "pax_size_overflow_report_only" kernel parameter if they do not want the plugin to call panic() on a detected integer overflow event.
Comment
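The panic-versus-report-only behaviour described in the post above, as an added example that is not part of the thread and is not PaX or grsecurity code: a userspace C model of an instrumented size computation. The names `size_policy`, `remaining_checked` and `size_violation`, and the recheck in a wider type, are assumptions of this example; `abort()` stands in for `panic()`.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical switch modelling the report-only boot parameter. */
enum policy { POLICY_PANIC, POLICY_REPORT_ONLY };
static enum policy size_policy = POLICY_PANIC;
static unsigned long reports;   /* number of detected violations */

/* Runs when a check fails: always log, then stop unless report-only. */
static void size_violation(const char *where, long long wide)
{
    fprintf(stderr, "size overflow detected in %s: %lld\n", where, wide);
    reports++;
    if (size_policy == POLICY_PANIC)
        abort();                /* stands in for the kernel's panic() */
}

/* Uninstrumented: wraps silently to a huge value when hdr > len. */
static unsigned int remaining_plain(unsigned int len, unsigned int hdr)
{
    return len - hdr;
}

/* Instrumented: the same arithmetic is repeated in a wider signed type
 * and range-checked against the original type before the result is used. */
static unsigned int remaining_checked(unsigned int len, unsigned int hdr)
{
    long long wide = (long long)len - (long long)hdr;

    if (wide < 0 || wide > (long long)UINT_MAX)
        size_violation(__func__, wide);
    return len - hdr;
}

int main(void)
{
    size_policy = POLICY_REPORT_ONLY;   /* log the event and keep running */
    printf("plain:   %u\n", remaining_plain(4, 8));
    unsigned int r = remaining_checked(4, 8);
    printf("checked: %u, reports: %lu\n", r, reports);
    return 0;   /* with POLICY_PANIC the checked call would abort instead */
}
```

In report-only mode the wrapped value is still returned to the caller, so the log entry is the only trace of the event; whether that is acceptable is the integrity-versus-availability choice the post describes.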
-
Originally posted by Hunger.hu
You said "plugin crashed" multiple times but there was no crash

no wonder grsecurity has no traction, if it is made by a bunch of hallucinating fucks like you
Last edited by pal666; 17 May 2016, 07:53 PM.
- Likes 1
Comment