fixed in v2.6.31.1, also caught by StackProtector

Posted Sep 26, 2009 13:20 UTC (Sat) by spender (subscriber, #23067)
In reply to: fixed in v2.6.31.1, also caught by StackProtector by mingo
Parent article: Kernel release status

I seem to recall someone talking about another exploit being unexploitable from stackprotector. Right, it was you:
http://www.pubbs.net/kernel/200904/62088/
"the vmsplice exploit would only have been caught by the -ALL variant."

How quickly you forgot this:
http://copilotconsulting.com/mail-archives/linux-kernel.2...

and the fact that you actually committed his fix (and so were involved in the discussion above):
http://copilotconsulting.com/mail-archives/linux-kernel.2...

Did you have any proof for that one? That SSP stops exploitation of a vuln that doesn't even involve overwriting a return address?

-Brad


fixed in v2.6.31.1, also caught by StackProtector

Posted Sep 26, 2009 13:45 UTC (Sat) by mingo (subscriber, #31122)

Did you have any proof for that one? That SSP stops exploitation of a vuln that doesn't even involve overwriting a return address?

Indeed, I was wrong about that in the changelog, mea culpa. StackProtector has its place, but it would not have stopped the vmsplice exploit.

Thanks,

Ingo
