Message-Id: <DE424A01-B5A4-46A5-85F4-715E0A08F33D@gmail.com>
Date: Thu, 25 Jul 2019 15:25:37 +0400
From: Ilya Matveychikov <matvejchikov@...il.com>
To: lkrg-users@...ts.openwall.com
Subject: Re: LKRG 0.7 CI & ED bypass



> On Jul 22, 2019, at 11:40 PM, Adam Zabrocki <pi3@....com.pl> wrote:
> 
>> CI timer is a periodic job with 15 seconds period by default so I don't see the reason why
>> it isn't possible to launch the exploit when CI is not yet started. Lucky you, but it works
>> well on my VM :-)
> 
> CI is not only triggered on timer. I've made a test where I've completely 
> disabled timer, and still LKRG's CI was able to catch that. Mostly, because 
> LKRG's CI can also be executed on the random events in the system which are 
> generated by the nature of the bug.
> 
> Nevertheless, I've tried to reproduce your environment by disabling SMEP, 
> disabling CI timer and also disabling CI on random events in the system. I 
> still was not able to reproduce your bypass instead I'm getting critical kernel 
> panic (usually fatal exception in interrupt). Can you share a screenshot from 
> your tests where LKRG is running?

Here is a demo:
https://mega.nz/#!g6gnzK4B!5VEgZA3JgnZeCwmjkhJcyf45RTDWM_yOcgW6WAqAUa8

> 
> Thanks,
> Adam
> 
> -- 
> pi3 (pi3ki31ny) - pi3 (at) itsec pl
> http://pi3.com.pl
> 
