Le 23/08/2017 à 16:24, Maxime Villard a écrit :
Here is a patch that implements SMAP on amd64. SMAP is basically a feature that prevents the kernel from reading a userland page, and it's a great exploit mitigation feature.... [1] http://m00nbsd.net/garbage/smap/amd64.diff
I've updated my patch. kcopy did not need a copy window, and there was a missing smap_enable in one of the error branches.
