Message-ID: <CAGXu5jL=uPyP=eG296oTixkto83LqVyasvo9qaNEn2P6bAtufQ@mail.gmail.com>
Date: Thu, 21 Feb 2019 15:29:39 -0800
From: Kees Cook <keescook@...omium.org>
To: "Perla, Enrico" <enrico.perla@...el.com>
Cc: Andy Lutomirski <luto@...capital.net>,
	"Reshetova, Elena" <elena.reshetova@...el.com>,
	Andy Lutomirski <luto@...nel.org>,
	Jann Horn <jannh@...gle.com>,
	Peter Zijlstra <peterz@...radead.org>,
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
	"tglx@...utronix.de" <tglx@...utronix.de>,
	"mingo@...hat.com" <mingo@...hat.com>,
	"bp@...en8.de" <bp@...en8.de>,
	"tytso@....edu" <tytso@....edu>
Subject: Re: [RFC PATCH] x86/entry/64: randomize kernel stack offset upon system call

On Wed, Feb 20, 2019 at 2:53 PM Kees Cook <keescook@...omium.org> wrote:
> BTW, the attack that inspired grsecurity's RANDKSTACK is described in
> these slides (lots of steps, see slide 79):
> https://www.slideshare.net/scovetta/stackjacking

Sorry, as PaX Team reminded me, I misremembered this. RANDKSTACK
already existed. It was STACKLEAK that was created in response to this
particular attack. I still think this attack is worth understanding to
see what hoops must be jumped through when dealing with stack
randomization (and other defenses).

--
Kees Cook