Oh yeah, I remember when that article came out (around kernel 2.6.32.3 or so). Spenders response to it is here:
http://forums.grsecurity.net/viewtopic.php?f=7&t=2596 I'm trying to be sensitive to the work of a security researchers since I know how personal it can get at times. We're all in the "Worst case scenario" business, so it would be disingenuous for me to downplay something I do all the time myself. The gist is that they did a "What-If" scenario with the kernel, by introducing a vulnerability in the kernel that does not exist and frankly is in a space that has had very few (published!) real world examples. This is a good thing.
This is just war-gaming defensive measures in a way that I think never happens with regular software development. The point they were trying to make was that beating something like grsec/pax is very very difficult. The result was an improvement in grsecurty & pax to cover a vector of attack that raised the bar even higher.
Login
Register
FAQ
Search
