LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

LWN.net Weekly Edition for June 6, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The rest of the vmsplice() exploit story

The rest of the vmsplice() exploit story

Posted Mar 6, 2008 20:05 UTC (Thu) by spender (subscriber, #23067)
In reply to: The rest of the vmsplice() exploit story by fuhchee
Parent article: The rest of the vmsplice() exploit story 

The UDEREF feature of PaX prevents the kernel from accessing userland memory directly and has
been doing so for 2 years now, close to a year before the vulnerability class ever became
public.  It makes use of segmentation on x86 to accomplish this, so due to Linus' rules it
will never be accepted into the mainline kernel.

-Brad

(Log in to post comments)

The rest of the vmsplice() exploit story

Posted Mar 6, 2008 20:11 UTC (Thu) by spender (subscriber, #23067) [Link] 

If you're interested, I had posted this information earlier regarding UDEREF to some mailing
lists, courtesy of the PaX Team:
http://grsecurity.net/~spender/uderef.txt

-Brad

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds