http://redstack.net/blog/2009/09/24/linux-kernel-2631-perf_counter_open-exploit/ Pirates are way cooler than Ninjas, but not as much as Samuraïs Sat, 26 Jun 2010 12:44:51 +0000 hourly 1 http://wordpress.org/?v=3.0 http://redstack.net/blog/2009/09/24/linux-kernel-2631-perf_counter_open-exploit/comment-page-1/#comment-8186 ties Sat, 31 Oct 2009 00:18:46 +0000 http://redstack.net/blog/?p=70#comment-8186 Write more ! :( Write more !

]]> http://redstack.net/blog/2009/09/24/linux-kernel-2631-perf_counter_open-exploit/comment-page-1/#comment-7846 argp Sun, 18 Oct 2009 14:04:47 +0000 http://redstack.net/blog/?p=70#comment-7846 Nice post. Nice post.

]]> http://redstack.net/blog/2009/09/24/linux-kernel-2631-perf_counter_open-exploit/comment-page-1/#comment-7747 core Tue, 13 Oct 2009 21:41:32 +0000 http://redstack.net/blog/?p=70#comment-7747 excellent writeup! excellent writeup!

]]> http://redstack.net/blog/2009/09/24/linux-kernel-2631-perf_counter_open-exploit/comment-page-1/#comment-7708 xipe Sat, 10 Oct 2009 15:16:09 +0000 http://redstack.net/blog/?p=70#comment-7708 Thank you Keen :) - Xipe Thank you Keen
- Xipe

]]> http://redstack.net/blog/2009/09/24/linux-kernel-2631-perf_counter_open-exploit/comment-page-1/#comment-7707 Keen Observer Sat, 10 Oct 2009 06:16:50 +0000 http://redstack.net/blog/?p=70#comment-7707 Also, credits should go to Silvio Cesare for being the first to use iret in 03, so there! Also, credits should go to Silvio Cesare for being the first to use iret in 03, so there!

]]> http://redstack.net/blog/2009/09/24/linux-kernel-2631-perf_counter_open-exploit/comment-page-1/#comment-7705 Keen Observer Sat, 10 Oct 2009 06:06:33 +0000 http://redstack.net/blog/?p=70#comment-7705 Spender has always been out for glory, it's common news that he stole the whole grsecurity ideology, I mean -- a bug was discovered, and exploited over a week ago, and he scouts the internet for blogs that talk about it without giving credit to him and qaaz, funny how it's not qaaz that complains ;) -- Good work xipe, continue posting more, I'm sure a lot of people congratulate your efforts. Spender has always been out for glory, it’s common news that he stole the whole grsecurity ideology, I mean — a bug was discovered, and exploited over a week ago, and he scouts the internet for blogs that talk about it without giving credit to him and qaaz, funny how it’s not qaaz that complains — Good work xipe, continue posting more, I’m sure a lot of people congratulate your efforts.

]]> http://redstack.net/blog/2009/09/24/linux-kernel-2631-perf_counter_open-exploit/comment-page-1/#comment-7574 c Fri, 25 Sep 2009 03:15:13 +0000 http://redstack.net/blog/?p=70#comment-7574 Xipe, thanks for the walk-through. For those not familiar with kernel exploitation, it\'s a good read and educational. Spender, if you read this, your code and research are top-notch, and grsecurity is a valuable addition to our world. But your apparent arrogance and harsh criticism of others, including the elitist arrogance of calling others idiots sends a big fat pointer towards your own ego-trip. I\'m sure you popped out of the womb knowing everything. Cool the ego and life will be better. Xipe, thanks for the walk-through. For those not familiar with kernel exploitation, it\’s a good read and educational. Spender, if you read this, your code and research are top-notch, and grsecurity is a valuable addition to our world. But your apparent arrogance and harsh criticism of others, including the elitist arrogance of calling others idiots sends a big fat pointer towards your own ego-trip. I\’m sure you popped out of the womb knowing everything. Cool the ego and life will be better.

]]> http://redstack.net/blog/2009/09/24/linux-kernel-2631-perf_counter_open-exploit/comment-page-1/#comment-7570 xipe Thu, 24 Sep 2009 18:33:44 +0000 http://redstack.net/blog/?p=70#comment-7570 spender, concerning the code that doesn't work on 4k stacks ... I wrote it as documented in Understanding Linux Kernel 3th edition ... please just stop ;) For people reading this and wanting to run the exploit on a 4k stack, you should change the "movl $0xffffe000,%%eax ;" with "movl $0xfffff000,%%eax ;" Best regards, - Xipe spender, concerning the code that doesn’t work on 4k stacks … I wrote it as documented in Understanding Linux Kernel 3th edition … please just stop
For people reading this and wanting to run the exploit on a 4k stack, you should change the “movl $0xffffe000,%%eax ;” with “movl $0xfffff000,%%eax ;”
Best regards,
- Xipe

]]> http://redstack.net/blog/2009/09/24/linux-kernel-2631-perf_counter_open-exploit/comment-page-1/#comment-7569 spender Thu, 24 Sep 2009 18:17:54 +0000 http://redstack.net/blog/?p=70#comment-7569 I wasn't asking credit for myself (since he obviously hadn't seen the work I had done), just for the person whose code they ripped (including the get_stack_top code which doesn't work on 4k stacks). It's common courtesy. I wasn’t asking credit for myself (since he obviously hadn’t seen the work I had done), just for the person whose code they ripped (including the get_stack_top code which doesn’t work on 4k stacks). It’s common courtesy.

]]> http://redstack.net/blog/2009/09/24/linux-kernel-2631-perf_counter_open-exploit/comment-page-1/#comment-7568 dcl Thu, 24 Sep 2009 17:55:05 +0000 http://redstack.net/blog/?p=70#comment-7568 Yeah... heaven forbid someone use the documented way to return across ring boundaries. Brad, you do good research. I'll give you that. But you sure do fucking whine and cry a lot about shit. Does your ego really not get fed enough? Jesus man.. Yeah… heaven forbid someone use the documented way to return across ring boundaries. Brad, you do good research. I’ll give you that. But you sure do fucking whine and cry a lot about shit. Does your ego really not get fed enough? Jesus man..

]]>