Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAJcbSZFq_r+bpzyU3VVdukHW3SXsD7EPHkobh7anPVvBgfXtqA@mail.gmail.com>
Date: Sat, 19 Nov 2016 08:36:33 -0800
From: Thomas Garnier <thgarnie@...gle.com>
To: Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: get NULL pointer dereferences or #GP fault to
 infomation leakage

It is an issue because having KASLR enable without panic on oops is not
really useful. Same apply to other mitigations that rely on randomness.

On Sat, Nov 19, 2016 at 3:50 AM, zerons <zeronsaxm@...il.com> wrote:

> I wonder if this could be an issue.
>
> Test on Ubuntu 16.04 with linux kernel 4.4.x, x86_64.
>
> When a NULL-pointer-deref or a #GP fault
> (e.g: access to 0xdead0000-xxxxxxxx) happens in kernel space,
> it seems that the kernel would kill the current process, then
> output the Oops message or "general protection fault" message.
>
> So we can get these messages via `dmesg` or reading the /var/log/...
>
> I think this may be a way to bypass the KASLR, could it be?
>



-- 
Thomas

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.