grsecurity forums


https://forums.grsecurity.net/

CC_STACKPROTECTOR and PaX

https://forums.grsecurity.net/viewtopic.php?f=1&t=2725

Page 1 of 1

CC_STACKPROTECTOR and PaX

PostPosted: Sat Aug 20, 2011 9:20 pm
by ncuk
I was recently going through the Kconfig with pax and grsecurity. One question I have is this: Whis is CC_STACKPROTECTOR disabled if UDEREF is enabled? This may be silly, but would be good to know.

Re: CC_STACKPROTECTOR and PaX

PostPosted: Sun Aug 21, 2011 6:55 am
by PaX Team
ncuk wrote:Whis is CC_STACKPROTECTOR disabled if UDEREF is enabled?
due to a change in UDEREF/i386 the gs register is permanently needed in the kernel (to properly track/enforce the task address limit even across kernel re-entries and to prevent exploitation of bugs like CVE-2010-4258) and that excludes its use for SSP.

Re: CC_STACKPROTECTOR and PaX

PostPosted: Tue Sep 27, 2011 4:59 pm
by tjh
http://www.redhat.com/security/data/cve ... -4258.html
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/