Announcing Bochspwn Reloaded – a new kernel memory infoleak detector – and the REcon Montreal 2017 slides. http://j00ru.vexillium.org/?p=3295
Replying to @j00ru
Finally went through the Bochspwn Reloaded slides. Kudos! Feedback: rather than "Remove taint on free", you could re-taint & detect UAF+leak
Among "other data sinks", consider leaks into filesystem metadata (the fs may be on removable media and then given to someone else, etc.)
On Linux, these bug classes are probably still common on older yet maintained and on custom distro kernels. Try RHEL7 and Vz7. They'll care.
Replying to @j00ru
Great! Re: Vz7, see e.g. 5 commits from Dec 5 2016 https://src.openvz.org/projects/OVZ/repos/vzkernel/commits?until=refs%2Fheads%2Fbranch-rh7-3.10.0-514.16.1.vz7.32.x-ovz … These were minor infoleaks I found & reported, they cared to fix.
This indeed looks promising. :)