Kernel release status
Posted Oct 1, 2009 9:44 UTC (Thu) by mingo (subscriber, #31122)
In reply to: Kernel release status by spender
Parent article: Kernel release status
You had a lot to say before, but have been silent for days since I brought up stack-protector not doing what you claimed.
I was away attending a real-time conference. (There was an LWN.net article about that conference.)
At a quick glance (I'm still not up to speed after my trip) my guess is that you couldn't reproduce my results because you used an older GCC version. I used GCC 4.4. Earlier GCCs not catching all overflows is of course a problem - but it would be nice if you could check if you can reproduce the problem with a recent version of GCC.
I also noticed that you apparently avoided Fedora rawhide for your tests - the only distribution which actually had the 2.6.31 kernel.
So if you have intellectual curiosity you might want to check it on rawhide - when producing exploit videos you are using Fedora so it should be easy enough.
Another update is that we are working on various measures to harden the Linux kernel against similar exploits in the future. See LKML for details. Again, feel free to contribute to Linux security efforts if you are interested.
Thanks,
Ingo