The Linux COW bug is likely a Chrome/ChromeOS sandbox escape as well: https://cs.chromium.org/chromium/src/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc?l=176&dr=C …
Are you considering targeting vDSO with CVE-2016-5195? I'd think it would still need /proc/self/mem or POKEDATA
Not sure, I didn't investigate much. I was referring to this tweet by @solardiz https://twitter.com/solardiz/status/790638402291073024 …
As @kees_cook said, even when targeting vDSO, still need ptrace or /proc/self/mem or equivalent (but no other known yet)
Makes sense, thanks Solar.