Message-ID: <20150307011326.GB19471@chrisbox.seclab.ucsb.edu>
Date: Fri, 6 Mar 2015 17:13:26 -0800
From: Christophe Hauser <christophe@...ucsb.edu>
To: Robert Święcki <robert@...ecki.net>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Partial pointer leaks

On Thu, Mar 05, 2015 at 10:42:15AM -0800, Robert Święcki wrote:
> I'm not sure if that's what you look for, but certain perf operations
> leak one or two addresses from the kernel space in the default Ubuntu
> configuration. It's possible to write a short PoC, but it might take a
> few mins, instead feel free to compile and use
> https://code.google.com/p/honggfuzz/source/checkout - which serves
> other purpose, but uses perf as well. This behavior could well be by
> design though, I haven't checked yet.
> 
> It will only work under newer Intel CPUs BTW.
> 
> $ ~/src/honggfuzz/honggfuzz -n1 -N1 -d4 -s -Dp -- /bin/true | cut -f9 -d" " | grep ffffffff | sort | uniq
> 0xffffffff8178ad82
> 0xffffffff8178ba47
> 
> # Remove the last 4 bits here
> $ sudo grep ffffffff8178ad8. /boot/System.map-3.16.0-31-generic
> ffffffff8178ad85 t sysret_careful
> 
> $ sudo grep ffffffff8178ba47 /boot/System.map-3.16.0-31-generic
> ffffffff8178ba47 T native_irq_return_iret
> 
> HTH

Hi Robert,

thank you, this is very interesting and seems to be one potential
occurrence of what I am looking for.

Nice tool by the way!

-- 
Christophe




_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
