Bypassing SMEP Using vDSO Overwrites (CSAW Finals 2015 StringIPC)

citypw

http://itszn.com/blog/?p=21

Those *singular* mitigations might not be as secure as we expected. Although UDEREF is very similar to SMEP (UDEREF is actually the 1st mitigation for preventing ret2usr, back in 2007, and then SMEP was built with Intel SandyBridge in 2011), the truth is you would never use only UDEREF when you deploy PaX/Grsecurity with your GNU/Linux system. Defense-in-Depth should be our daily bread in the wild cyber world ;-)