grsecurity

@grsecurity

Foundational security for the Linux kernel. Solving the most difficult memory unsafety problems. Created by

Vrijeme pridruživanja: lipanj 2012.

Medijski sadržaj

  1. 15. sij
    Odgovor korisnicima

    The comic is an OK description I think pre-user namespaces, but post-user-namespaces it's not right and confuses how the namespaced capabilities actually work (since nobody specifically gives them X capability, they get them all automatically,except see above for what that means)

  2. 5. sij
    Odgovor korisniku/ci

    Very easy to miss in the patch, literally right above code copy+pasted for USERCOPY, here it is in the public 4.9 patch:

  3. 31. pro 2019.

    Another 4.14 patch, another random CFI fix we've had since 2016 in this case

  4. 27. stu 2019.

    Paper which doesn't include RAP concludes that no CFI can be fine-grained, fast, and actually prevent attacks. That's convenient -- definitely wouldn't want to include the only one that disproves the thesis.

  5. 25. stu 2019.

    Thanks ! You've described us perfectly in . We continue to support i386 and it's an important part of our QA process.

  6. 25. stu 2019.
    Prikaži ovu nit
  7. 22. stu 2019.

    I had missed this, and probably so did many others. The newly-added comments to the end of seem important to repeat though. See also pg 19 of Very worrying, and seems like things are going downhill at Intel

  8. 20. stu 2019.

    Upstream 4.14 finally addresses this vuln published on oss-sec a year and 4 months ago: Or does it? 🙂

  9. 20. stu 2019.

    What it looks like when someone backports type fixes you've had since 2014 with only whitespace differences (as just happened in 4.14):

    Prikaži ovu nit
  10. 20. stu 2019.

    I like these testcases: Mainly because the compiler already detects the example bad access at compile time, and also because it doesn't bother to illustrate any of the many other real-life instances where this will do nothing at all.

    Prikaži ovu nit
  11. 18. stu 2019.

    Though I disagree with the paragraph following this one; if the real reason were performance (for something completely optional, mind you) there are a number of security features that should never have been merged.

    Prikaži ovu nit
  12. 12. stu 2019.

    -rw-r--r-- 1 paxguy1 www-users 954352 Feb 13 2014 pax-linux-3.13.3-test9-fptr-only.patch

    Prikaži ovu nit
  13. 12. stu 2019.
  14. 12. stu 2019.

    Xen security release that references a not-existing-yet Intel advisory page, embargo day! Again seems to be an Intel-only vuln

    Prikaži ovu nit
  15. 10. stu 2019.

    Looks like they missed this:

    Prikaži ovu nit
  16. 10. stu 2019.

    When I say "some", I mean:

    Prikaži ovu nit
  17. 10. stu 2019.

    Latest 4.4 kernel finally backports some Spectre fixes from over a year ago (that we already backported a year to the day today)

    Prikaži ovu nit
  18. 1. stu 2019.

    A belated Happy Halloween from our office! Don't let this one keep you up at night:

  19. 29. lis 2019.
  20. 14. lis 2019.

    The latest sudo vuln, via the set*id manpage

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·