| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 8 Mar 2015 11:26:29 +0200 From: Gil Besso <gil.besso@...security.com> To: Christophe Hauser <christophe@...ucsb.edu> Cc: fulldisclosure@...lists.org Subject: Re: [FD] Partial pointer leaks Not exactly what you're after, but might interest you anyway: http://scarybeastsecurity.blogspot.co.il/2011/03/multi-browser-heap-address-leak-in-xslt.html On Sat, Mar 7, 2015 at 3:13 AM, Christophe Hauser <christophe@...ucsb.edu> wrote: > On Thu, Mar 05, 2015 at 10:42:15AM -0800, Robert Święcki wrote: > > I'm not sure if that's what you look for, but certain perf operations > > leak one or two addresses from the kernel space in the default Ubuntu > > configuration. It's possible to write a short PoC, but it might take a > > few mins, instead feel free to to compile and use > > https://code.google.com/p/honggfuzz/source/checkout - which serves > > other purpose, but uses perf as well. This behavior could be well by > > design though, I haven't checked yet. > > > > It will only work under newer Intel CPUs BTW. > > > > $ ~/src/honggfuzz/honggfuzz -n1 -N1 -d4 -s -Dp -- /bin/true | cut -f9 > > -d" " | grep ffffffff | sort | uniq > > 0xffffffff8178ad82 > > 0xffffffff8178ba47 > > > > # Remove the last 4 bits here > > $ sudo grep ffffffff8178ad8. /boot/System.map-3.16.0-31-generic > > ffffffff8178ad85 t sysret_careful > > > > $ sudo grep ffffffff8178ba47 /boot/System.map-3.16.0-31-generic > > ffffffff8178ba47 T native_irq_return_iret > > > > HTH > > Hi Robert, > > thank you, this is very interesting and seems to be one potential > occurrence of what I am looking for. > > Nice tool by the way ! > > -- > Christophe > > > > _______________________________________________ > Sent through the Full Disclosure mailing list > https://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists