From: Ingo Molnar <mingo@elte.hu>
To: pageexec@freemail.hu
Cc: linux-kernel@vger.kernel.org,
Arjan van de Ven <arjanv@redhat.com>,
"Theodore Ts'o" <tytso@mit.edu>
Subject: Re: Sabotaged PaXtest (was: Re: Patch 4/6 randomize the stack pointer)
Date: Tue, 8 Feb 2005 14:41:56 +0100 [thread overview]
Message-ID: <20050208134156.GA5017@elte.hu> (raw)
In-Reply-To: <42093CC7.5086.1FC83D3E@localhost>
* pageexec@freemail.hu <pageexec@freemail.hu> wrote:
> > btw., do you consider PaX as a 100% sure solution against 'code
> > injection' attacks (meaning that the attacker wants to execute an
> > arbitrary piece of code, and assuming the attacked application has a
> > stack overflow)? I.e. does PaX avoid all such attacks in a guaranteed
> > way?
>
> your question is answered in http://pax.grsecurity.net/docs/pax.txt
> that i suggested you to read over a year ago. the short answer is that
> it's not only about stack overflows but any kind of memory corruption
> bugs, and you need both a properly configured kernel (for PaX/i386
> that would be SEGMEXEC/MPROTECT/NOELFRELOCS) and an access control
> system (to take care of the file system and file mappings) and a
> properly prepared userland (e.g., no text relocations in ELF
> executables/libs, which is a good thing anyway).
i'm just curious, assuming that all those conditions are true, do you
consider PaX a 100% sure solution against 'code injection' attacks?
(assuming that the above PaX and access-control feature implementations
are correct.) Do you think the upstream kernel could/should integrate it
as a solution against code injection attacks?
Ingo
next prev parent reply other threads:[~2005-02-08 13:42 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-02 16:51 Sabotaged PaXtest (was: Re: Patch 4/6 randomize the stack pointer) Ingo Molnar
2005-02-02 22:08 ` pageexec
2005-02-03 9:44 ` Ingo Molnar
2005-02-03 14:20 ` pageexec
2005-02-03 20:20 ` Ingo Molnar
2005-02-07 14:23 ` pageexec
2005-02-07 21:08 ` Ingo Molnar
2005-02-08 12:27 ` pageexec
2005-02-08 21:23 ` Ingo Molnar
2005-02-07 22:36 ` Ingo Molnar
2005-02-08 12:27 ` pageexec
2005-02-08 13:41 ` Ingo Molnar [this message]
2005-02-08 14:25 ` Julien TINNES
2005-02-08 16:56 ` Ingo Molnar
2005-02-08 16:48 ` the "Turing Attack" (was: Sabotaged PaXtest) Ingo Molnar
2005-02-08 22:08 ` Ingo Molnar
2005-02-10 13:43 ` Ingo Molnar
2005-02-10 13:58 ` Jakob Oestergaard
2005-02-10 15:21 ` Ingo Molnar
2005-02-10 20:03 ` David Weinehall
2005-02-11 8:51 ` Mika Bostrom
2005-02-08 22:41 ` H. Peter Anvin
2005-02-03 13:55 ` Sabotaged PaXtest (was: Re: Patch 4/6 randomize the stack pointer) Peter Busser
2005-02-03 14:39 ` Roman Zippel
2005-02-07 12:23 ` pageexec
2005-02-07 18:31 ` John Richard Moser
[not found] <200501311015.20964.arjan@infradead.org>
2005-01-31 12:57 ` Peter Busser
2005-01-31 16:41 ` Arjan van de Ven
2005-02-01 9:44 ` Peter Busser
2005-02-01 11:46 ` Ingo Molnar
2005-02-01 14:48 ` Peter Busser
2005-02-01 21:39 ` Diego Calleja
2005-02-02 0:15 ` Theodore Ts'o
2005-02-02 8:26 ` Theodore Ts'o
2005-02-02 9:55 ` Peter Busser
2005-02-02 9:35 ` Peter Busser
2005-02-02 9:52 ` Arjan van de Ven
2005-02-02 12:18 ` pageexec
2005-02-02 13:13 ` Peter Busser
2005-02-02 14:12 ` Ingo Molnar
2005-02-02 18:02 ` Olivier Galibert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050208134156.GA5017@elte.hu \
--to=mingo@elte.hu \
--cc=arjanv@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pageexec@freemail.hu \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.