Probably didn't find anything in the typical Linux userland interface because ~2013 we did some similar instrumentation to make some leaks fall out - modified the magic for STACKLEAK/SANITIZE to a value we told a fuzzer to never provide to the kernel, inspected copy_to_user for it
-
Always one step ahead! :) It's surely one of the reasons I didn't have an easy time hunting for Linux infoleaks. Is this effort documented somewhere publicly so that I can cite it properly?
-
Nothing citable in public, this was the first time I mentioned it to the full public. I had also mentioned it in the QA part of @paxteam's 2013 talk on our GCC plugins at the private? Sacicon before H2HC
-
I see, thanks for the clarification. Though I believe some degree of documentation would be helpful for explaining the discrepancy between the current state of security in different OSes, using concrete sources instead of anecdotes and git commits
-
nice share, x64 alignment causes many info leaks