Slides for the LSS 2017 update on KSPP: https://outflux.net/slides/2017/lss/kspp.pdf https://twitter.com/LinuxSecSummit/status/908399454515994624
legacy bottom-up vs regular top-down mmap layout, see IV.1.1, IV.1.4, IV.1.5. IV.1.6 misses this, so the analysis is incomplete.
Well, IV.1.1-5 of the Qualys analysis covers the behaviour of *vanilla* Linux, not grsec. Don't mix that up!
All of the described attacks require passing large argv[] + envp[] to the SUID binary. However, grsec limits them to 512kB.
For the sudo vulnerability (which allows working around even this restriction) the advisory states "exploitation [is] impossible".
So even without the 8 MB RLIMIT_STACK restriction in place, grsec has other mechanisms making 'Stack Clash' kind of attacks infeasible: pic.twitter.com/GZA1uDElZI
my point was grsec's "8MB setuid stack limit" didn't work as intended; upstreaming those kinds of ideas requires time/effort.
Indeed it does! However, in grsec's case it doesn't/didn't matter much as other mechanisms ensure "defense in depth" still stands.
Yup, agreed. That's why I worked on getting it upstreamed (along with other accounting fixes/limits). Defense in depth FTW!