Andrey Konovalov, Jan 8
Linux Kernel Runtime Guard (LKRG) bypass collection by Ilya Matveychikov, CC
Solar Designer, Jan 8
Replying to @andreyknvl @Adam_pi3
We appreciate Ilya's effort since it tests what protection LKRG provides or does not provide in practice, which is more nuanced than our general stance of "bypassable by design". To illustrate such nuance, each bypass needs commentary on LKRG versions/settings and bypass efficacy.
Solar Designer
Unfortunately, Ilya does not provide such commentary himself (so far, and probably wouldn't). That's fine - we can't expect any volunteer effort, especially if his point of view and goals are perhaps different from ours. ;-) So we should probably provide the commentary ourselves.
Solar Designer, Jan 8
Replying to @andreyknvl @Adam_pi3
As far as I see, we did comment on all of the bypasses seen in that repo so far, on the lkrg-users mailing list. We also addressed many of these in newer LKRG. Now that Ilya collected the bypasses so nicely in that repo, we should perhaps also collect our commentary in one place.
Solar Designer, Jan 10
Replying to @andreyknvl @Adam_pi3
Update: Ilya himself has added a README, which explains some of those things. Great! We're not convinced by his reasoning against SMEP, though. Yes, ROP can bypass SMEP, but can one build fake stack frames to bypass LKRG's pCFI with ROP (remember it's the same stack)? We'll see.