[grsec] RFC: port new options from openwall
Brad Spengler
spender at grsecurity.net
Sun Feb 17 10:17:10 EST 2008

On Sun, Feb 17, 2008 at 11:28:09AM +0100, Peter S. Mazinger wrote:
> Hello,
>
> 2 new options were added to 2.4.35 openwall patch at
> http://www.openwall.com/linux/, HARDEN_PAGE0 and HARDEN_VM86.
>
> What about adding these to grsecurity as well?

Why would we add HARDENED_PAGE0 when since 2006 we've had support for
proper protection against all invalid userland access bugs through
UDEREF? On the forums I demonstrated a recent exploitable vulnerability
where UDEREF protects the system while SELinux's
min_mmap_addr/HARDEN_PAGE0 do nothing.

As for HARDEN_VM86, the PaX team and myself don't see much security
benefit to it. The PaX team has already fixed bugs in the vanilla
kernel related to cpu time accounting with vm86 mode, but no bugs
exploitable for privilege escalation were found. It's likely that the
feature was added at the same time as HARDEN_PAGE0 because HARDEN_PAGE0
breaks apps like dosemu which also use VM86 mode, so there was no sense
in keeping the VM86 code around in the kernel. UDEREF doesn't break
any userland apps.

-Brad