If you ever wonder why grsecurity is not in upstream Linux, here's one reason: https://www.spinics.net/lists/kernel/msg2540934.html
It also ties the whole better ASLR implementation to that, despite ignoring mmap hints being the only real reason for that breaking anything.
So you need RANDMMAP exceptions to make hints respected, but that disables PaX ASLR, and a bit of vanilla ASLR is even disabled too (brk).
They also stubbornly use a non-CSPRNG for ASLR, while vanilla moved to CSPRNG... but there are bigger issues than userspace hardening bits.
They never seemed open to suggestions on how to clean things up or improve them. Lots of the design is just there solely out of spite too.
I.e., keeping entire separate implementations of features rather than reducing the diff size by reusing code or making small adjustments.
Most grsecurity users that have enabled the SIZE_OVERFLOW feature or the original KSTACKOVERFLOW are aware of how much stuff they break.
msync can be used to introspect mappings on Linux (returns ENOMEM for no mapping) but has side effects. On BSD it returns 0 for no mapping.
mremap can sometimes be used to probe without side effects.