Linux Kernel Runtime Guard (LKRG) bypass collection by Ilya Matveychikov, CC @Adam_pi3https://github.com/milabs/lkrg-bypass …
Unfortunately, Ilya does not provide such commentary himself (so far, and probably wouldn't). That's fine - we can't expect any volunteer effort, especially if his point of view and goals are perhaps different than ours. ;-) So we should probably provide the commentary ourselves.
-
-
As far as I see, we did comment on all of the bypasses seen in that repo so far, on the lkrg-users mailing list. We also addressed many of these in newer LKRG. Now that Ilya collected the bypasses so nicely in that repo, we should perhaps also collect our commentary in one place.
-
Update: Ilya himself has added a README, which explains some of those things. Great! We're not convinced by his reasoning against SMEP, though. Yes, ROP can bypass SMEP, but can one build fake stack frames to bypass LKRG's pCFI with ROP (remember it's the same stack)? We'll see.
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.