Re: Stack clash and Fedora, new kernel vulnerability, from kernel list

On Tue, 2017-06-20 at 08:42 -0700, stan wrote:
> On Tue, 20 Jun 2017 13:11:24 +0100
> Patrick O'Callaghan <pocallaghan@xxxxxxxxx> wrote:
> 
> > On Mon, 2017-06-19 at 23:08 -0700, stan wrote:
> > >  I'm running
> > > the kernel with the fix, and it is working fine so far.   
> > 
> > As I understand it (and as the bug report appears to confirm) the fix
> > is to ld.so, not the kernel, though changing ld.so does of course mean
> > a reboot.
> 
> Yes, I also saw that.  However, I assumed Laura Abbot, one of the kernel
> maintainers for Fedora, would know what she is talking about.  My
> assumption was that this was adding the strong stack protection to the
> kernel side of things.  I checked in koji, and the fix is also in the
> latest glibc (where ld.so comes from), but it hadn't been pushed at
> that time, so I didn't install the patched version of glibc.  As the
> exploit report said, enabling strong stack protection in the compiler
> for affected libraries would stop this exploit, but would be
> expensive.  I assume that means it slows execution.

Full details are in the report already cited, but briefly the fix
causes each page of the new stack frame to be probed to make sure it
doesn't overlap with the guard page (a write-protected page created to
prevent stack and heap from running into each other). The exploit
consisted in jumping over the guard page so as not to trigger a trap,
and the patch cuts off that line of attack at the expense of some extra
instruction cycles.

poc
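
The page-by-page probing described in the message above, modelled as an added example in C (not part of the original message and not the glibc or kernel code). The addresses, the 4096-byte page size and the function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE 4096u  /* assumed page size */

/* Constructed layout: the stack grows down towards a single guard page. */
typedef struct { uintptr_t guard_lo, guard_hi; } layout_t;
static const layout_t DEMO = { 0x70000000u, 0x70001000u };

static int hits_guard(const layout_t *l, uintptr_t addr) {
    return addr >= l->guard_lo && addr < l->guard_hi;
}

/* Unprobed frame: sp drops by `size` in one step and only the new top
 * of stack is touched. Returns 1 if that touch lands in the guard page. */
int alloc_unprobed(const layout_t *l, uintptr_t sp, size_t size) {
    return hits_guard(l, sp - size);
}

/* Probed frame: touch one address in every page on the way down, so a
 * frame that spans the guard page cannot avoid touching it.
 * Returns 1 if a probe traps; *probes counts the extra touches made. */
int alloc_probed(const layout_t *l, uintptr_t sp, size_t size, unsigned *probes) {
    uintptr_t target = sp - size;
    *probes = 0;
    while (sp - target >= PAGE) {
        sp -= PAGE;
        (*probes)++;
        if (hits_guard(l, sp)) return 1;   /* trap: guard page reached */
    }
    (*probes)++;                           /* final touch at the new sp */
    return hits_guard(l, target);
}

int main(void) {
    uintptr_t sp = 0x70003000u;            /* constructed stack pointer */
    unsigned n;
    int trapped = alloc_probed(&DEMO, sp, 0x4000, &n);
    /* A 16 KiB frame starting two pages above the guard page. */
    printf("unprobed frame traps: %d\n", alloc_unprobed(&DEMO, sp, 0x4000));
    printf("probed frame traps:   %d after %u probes\n", trapped, n);
    return 0;
}
```

The probe count is the cost referred to in the message: one extra touch per page of the frame.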