Attacking hardened Linux systems with kernel JIT spraying
Posted Nov 18, 2012 23:45 UTC (Sun) by yann.morin.1998 (guest, #54333)
In reply to: Attacking hardened Linux systems with kernel JIT spraying by patrick_g
Parent article: Attacking hardened Linux systems with kernel JIT spraying
> > PaX's KERNEXEC feature implements in software a policy very similar to SMEP. And indeed, the JIT spray exploit succeeds where a traditional jump-to-userspace fails. (grsecurity has other features that would mitigate this attack, like the ability to lock out users who oops the kernel.)
> Does it mean a PaX hardened kernel is **more** vulnerable than a mainline kernel (with BPF JIT disabled)?
What I understood (not being a native English speaker either, as you know ;-) ) is:
- JIT disabled: no issue, as it's not even possible to attack the JIT, it being disabled
- JIT enabled, with PaX' KERNEXEC: JIT was successfully subverted
- JIT enabled, with SMEP: unknown, but probably similar to PaX' KERNEXEC, as the technique is the same
Hop,
Me.