post meeting note
This commit is contained in:
twoneis
parent
31a8ed52cc
commit
3c2f8d2c87
1 changed files with 4 additions and 2 deletions
|
|
@ -1,14 +1,16 @@
|
||||||
# 02-28
|
# 02-28
|
||||||
Daily supervisor: Dyon
|
Daily supervisor: Dyon
|
||||||
Goal: Breaking KASLR through TLB-based side channel attack
|
Goal: Breaking KASLR through TLB-based side channel attack
|
||||||
Status:
|
Status: Deciding on which part exactly to choose, hardware access today
|
||||||
Progress:
|
Progress:
|
||||||
- Target platform: i7-8650U Kernel 6.8
|
- Target: i7-8650U Kernel 6.8
|
||||||
- First idea: Try using CONFIG_STRICT_MODULE_RWX (D1)
|
- First idea: Try using CONFIG_STRICT_MODULE_RWX (D1)
|
||||||
- but: maybe further input needed here which one is desireable target
|
- but: maybe further input needed here which one is desireable target
|
||||||
- strict module rwx => can leak heap (excluding cred and less reliable pipe-buffer) and page tables
|
- strict module rwx => can leak heap (excluding cred and less reliable pipe-buffer) and page tables
|
||||||
- virtual heap => can leak heap (including cred) reliably
|
- virtual heap => can leak heap (including cred) reliably
|
||||||
|
- Go with heap => cred one of the most interesting
|
||||||
- virtual stack => can leak kernel stack
|
- virtual stack => can leak kernel stack
|
||||||
|
- Forgot about research proposal, message herbert
|
||||||
|
|
||||||
# 02-21
|
# 02-21
|
||||||
Daily supervisor: Dyon
|
Daily supervisor: Dyon
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue