14.05.2016, 13:10   #36
SynQ

Registered: 11.07.2010
Posts: 952
Reputation: 352

Quote:
Artem Shishkin @honorary_bot
CR4.UMIP (User-Mode Instruction Prevention) for KASLR, nice
A nice UaF on the fd structure in kernels 4.4-4.5 (open a writable fd, free it, open a read-only fd to /etc/crontab, and we can write to it):
https://bugs.chromium.org/p/project-.../detail?id=808

The SLAB freelist randomization commit:
http://git.kernel.org/cgit/linux/ker...f9996e9675e25f

Quote:
Originally posted by Kees Cook
As for security features I've been tracking in 4.6:
- KASLR on arm64 (though requires the bootloader to provide entropy)
- Kernel memory protection by default on ARMv7+
- Kernel memory protection by default on arm64
- Kernel memory protection mandatory on x86
- __ro_after_init markings for write-once data

For 4.7, I think it's likely we'll see:
- split of physical/virtual text base address randomization for x86 KASLR
- KASLR on MIPS
- LoadPin LSM to control kernel module and firmware origins

For 4.8, I'm hoping we'll see:
- randomization of base addresses for page tables, vmalloc, and other memory regions for x86 KASLR
- gcc plugin infrastructure
- per-build structure layout randomization
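To illustrate what the SLAB freelist randomization commit linked above changes, here is a small added model of a slab allocator (example code written for this thread, not kernel code and not from the linked commit). It assumes a hypothetical slab page base address, 64-byte objects and 16 objects per slab, all constructed values. The model shows the two properties worth understanding: a fresh slab with a sequential freelist hands out consecutive allocations at adjacent addresses, while a shuffled freelist does not; and in both modes a freed object is reused by the very next allocation of that size (LIFO), so freelist randomization changes the layout of a new slab but not the reuse behaviour.

```python
import random

OBJ_SIZE = 64                      # bytes per slab object (constructed value)
OBJS_PER_SLAB = 16                 # objects in one slab page (constructed value)
SLAB_BASE = 0xFFFF880000100000     # hypothetical slab page address (not a real one)


def build_freelist(randomize, seed=None):
    """Return the order in which a fresh slab hands out its object slots.

    randomize=False models the pre-randomization behaviour: slots 0, 1, 2, ...
    are linked in order, so consecutive allocations land next to each other.
    randomize=True shuffles the slot order once when the slab is created,
    which is the idea behind the SLAB freelist randomization commit.
    """
    slots = list(range(OBJS_PER_SLAB))
    if randomize:
        random.Random(seed).shuffle(slots)   # seeded only for reproducibility
    return slots


class Slab:
    """Toy slab: a single page of equally sized objects with a freelist."""

    def __init__(self, randomize, seed=None):
        self.freelist = build_freelist(randomize, seed)   # index 0 is the head

    def alloc(self):
        slot = self.freelist.pop(0)
        return SLAB_BASE + slot * OBJ_SIZE

    def free(self, addr):
        slot = (addr - SLAB_BASE) // OBJ_SIZE
        self.freelist.insert(0, slot)        # LIFO: freed slot becomes the head


def allocation_addresses(randomize, seed=None):
    """Drain a fresh slab and return the addresses in allocation order."""
    slab = Slab(randomize, seed)
    return [slab.alloc() for _ in range(OBJS_PER_SLAB)]


def adjacent_pairs(addresses):
    """Count consecutive allocations that are neighbours in memory."""
    return sum(1 for a, b in zip(addresses, addresses[1:]) if b - a == OBJ_SIZE)


def reuse_after_free(randomize, seed=None):
    """True if alloc -> free -> alloc returns the same object (LIFO reuse)."""
    slab = Slab(randomize, seed)
    first = slab.alloc()
    slab.free(first)
    return slab.alloc() == first


if __name__ == "__main__":
    seq = allocation_addresses(False)
    rnd = allocation_addresses(True, seed=7)
    print("sequential freelist, adjacent pairs:", adjacent_pairs(seq))
    print("randomized freelist, adjacent pairs:", adjacent_pairs(rnd))
    print("LIFO reuse with randomization:", reuse_after_free(True, seed=7))
```

The takeaway for defenders is scope: randomizing the initial freelist order makes the relative position of neighbouring objects in a new slab unpredictable, which is what a layout-dependent overflow relies on, but it is not a use-after-free mitigation, since a freed object is still handed back first. Detecting and fixing the dangling reference (as in the fd lifetime bug referenced in the post) remains the fix for that class.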