Linux Kernel Runtime Guard (LKRG) bypass collection by Ilya Matveychikov, CC @Adam_pi3https://github.com/milabs/lkrg-bypass …
-
-
Odgovor korisnicima @andreyknvl @Adam_pi3
We appreciate Ilya's effort since it tests what protection LKRG provides or does not provide in practice, which is more nuanced than our general stance of "bypassable by design". To illustrate such nuance each bypass needs commentary on LKRG versions/settings and bypass efficacy.
1 reply 0 proslijeđenih tweetova 0 korisnika označava da im se sviđa -
Unfortunately, Ilya does not provide such commentary himself (so far, and probably wouldn't). That's fine - we can't expect any volunteer effort, especially if his point of view and goals are perhaps different than ours. ;-) So we should probably provide the commentary ourselves.
1 reply 0 proslijeđenih tweetova 0 korisnika označava da im se sviđa -
As far as I see, we did comment on all of the bypasses seen in that repo so far, on the lkrg-users mailing list. We also addressed many of these in newer LKRG. Now that Ilya collected the bypasses so nicely in that repo, we should perhaps also collect our commentary in one place.
1 reply 1 proslijeđeni tweet 3 korisnika označavaju da im se sviđa
Update: Ilya himself has added a README, which explains some of those things. Great! We're not convinced by his reasoning against SMEP, though. Yes, ROP can bypass SMEP, but can one build fake stack frames to bypass LKRG's pCFI with ROP (remember it's the same stack)? We'll see.
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.