| |||||||||||||
Quotes of the weekQuotes of the weekPosted Jun 14, 2012 16:23 UTC (Thu) by PaXTeam (subscriber, #24616)In reply to: Quotes of the week by nevets Parent article: Quotes of the week
> Modifying config options does modify the kernel. Do you need to recompile?
i think for most people (esp. kernel devs) modify = patch, and not 'reconfigure'. but for all i care, i got the point across :).
> but I was thinking that userspace had the added protection of segments to protect against accessing the kernel.
even if the default segments were set up this way, there's modify_ldt and TLS to get around them.
> Are you saying that since Linux uses a flat segment space that the bugs happen for both i386 and x86_64?
yes (if 'happen' = 'are exploitable'). UDEREF on i386 uses segmentation to prevent exactly this class of bugs from becoming exploitable beyond DoS.
(Log in to post comments)
Quotes of the week Posted Jun 14, 2012 16:38 UTC (Thu) by nevets (subscriber, #11875) [Link]
> yes (if 'happen' = 'are exploitable'). UDEREF on i386 uses segmentation to prevent exactly this class of bugs from becoming exploitable beyond DoS.
Which goes back to my original point. Why run vanilla Linux i386 on x86_64. It's better to just run x86_64 kernel with a i386 userspace, then an i386 kernel if you have extended RAM.
Quotes of the week Posted Jun 14, 2012 18:11 UTC (Thu) by PaXTeam (subscriber, #24616) [Link]
sure, an amd64 kernel manages more RAM in a better way but you had a (rhetorical?) question as to why would someone still stick to i386, i just gave you one possible reason (better kernel self-defense), that's all :).
|
|||||||||||||