Message-ID: <20250214100545.GG21726@noisy.programming.kicks-ass.net>
Date: Fri, 14 Feb 2025 11:05:45 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Andrew Cooper <andrew.cooper3@...rix.com>
Cc: Kees Cook <kees@...nel.org>, jannh@...gle.com, jmill@....edu,
	joao@...rdrivepizza.com, linux-hardening@...r.kernel.org,
	linux-kernel@...r.kernel.org, luto@...nel.org,
	samitolvanen@...gle.com
Subject: Re: [RFC] Circumventing FineIBT Via Entrypoints

On Thu, Feb 13, 2025 at 08:41:16PM +0000, Andrew Cooper wrote:

> The problem is that SYSCALL entry/exit is a toxic operating mode,
> because you only have to think about sneezing and another user->kernel
> priv-esc appears.

For a very brief moment I thought we could leave out the ENDBR there and
eat the #CP, but 1) slow, and 2) then #CP needs to be an IST and ARGHH.

So yeah, I didn't just suggest anything at all.

I hate all this.
