
Attacking hardened Linux systems with kernel JIT spraying


Posted Nov 18, 2012 18:36 UTC (Sun) by spender (guest, #23067)
In reply to: Attacking hardened Linux systems with kernel JIT spraying by patrick_g
Parent article: Attacking hardened Linux systems with kernel JIT spraying

That's not what it means. For more information, please see:
http://en.wikipedia.org/wiki/Reading_comprehension

PS: at the risk of making the kernel even more vulnerable, please see the following:
http://grsecurity.net/~spender/jit_prot.diff

-Brad



Attacking hardened Linux systems with kernel JIT spraying

Posted Nov 18, 2012 19:44 UTC (Sun) by patrick_g (subscriber, #44470)

> That's not what it means. For more information, please see:
> http://en.wikipedia.org/wiki/Reading_comprehension

Thanks. Your usual condescending tone.
I'm not a native English speaker so perhaps you could explain more thoroughly why I'm wrong? According to the article, BPF JIT is disabled by distributions so the JIT spraying attack cannot work. Concerning PaX's KERNEXEC the author wrote "JIT spray exploit succeeds" so I wrongly thought it was a weakness in PaX.

Attacking hardened Linux systems with kernel JIT spraying

Posted Nov 19, 2012 18:40 UTC (Mon) by iabervon (subscriber, #722)

This attack succeeds on PaX "where a traditional jump-to-userspace fails"; on mainline, the traditional jump-to-userspace succeeds, so JIT spraying is unnecessary.

Attacking hardened Linux systems with kernel JIT spraying

Posted Nov 18, 2012 23:08 UTC (Sun) by NightMonkey (subscriber, #23051)

spender/Brad, you might be right, but let's keep LWN free of lame put-downs. Keep it civil, please. Thanks.

