Blog

grsecurity 4.12 Updates

Updates on some of our work included in our 4.12 patch, including a review of Linux 4.13 and comments on some of its security changes.

grsecurity 4.11 Updates

Updates on our work since our announcement present in the 4.11 patch just released, including a review of Linux 4.12 and the decade-old security fixes from grsecurity it included.

An Ancient Kernel Hole is (Not) Closed

The "stack clash" series of vulnerabilities was a prime opportunity to demonstrate the strength of grsecurity's approach to security. Unlike on upstream Linux and other OSes, the issues uncovered had been unexploitable under grsecurity for many years.

The Infoleak that (Mostly) Wasn't

A 14-year-old information leak appears important at first, but analysis uncovers its limited impact.

Close, but No Cigar: On the Effectiveness of Intel's CET Against Code Reuse Attacks

Intel's recent announcement of hardware support for a form of Control Flow Integrity (CFI) has raised a lot of interest in both the expert and the popular press. As an interested party, we've decided to look at some of the details and analyze the strengths and weaknesses of Intel's Control-flow Enforcement Technology (CET).

KASLR: An Exercise in Cargo Cult Security

This post provides an in-depth analysis of the flawed KASLR mitigation, through a history lesson of the origins of ASLR, security fundamentals, and threat modeling.

The Truth about Linux 4.6

This post is a teardown of a factually incorrect presentation by Linux kernel maintainer Greg KH. It cuts through the hype and discusses the minimal security improvements made to Linux 4.6 by the KSPP.

False Boundaries and Arbitrary Code Execution

This often-cited post provides a detailed reference to the Linux capability system, subjecting it to critical analysis through the lens of ambient authority, with the revelation that most capabilities are equivalent to full root access if an attacker can exercise the capability arbitrarily. It finishes with a discussion of how this plays into PaX's design and grsecurity's RBAC system.

Recent ARM Security Improvements

This post contains a detailed blueprint for the novel design and implementation of PaX KERNEXEC and UDEREF on ARM, preventing ambient direct userland access from the kernel as well as preventing arbitrary code execution in the kernel.

Assorted Notes on Defense and Exploitation

This post presents a defense of so-called "ad-hoc" memory corruption defenses, comparing their practicality and effectiveness to the calls, made in a cited presentation, to rewrite all software in safe languages. It also drives home the message of seeking details instead of trusting security buzzwords like "sandbox".

For more blog entries, please see our old blog forum.