Title : Phrack Prophile on The PaX Team
Author : TCLH
==Phrack Inc.==
Volume 0x0d, Issue 0x42, Phile #0x02 of 0x11
|=----------------------------------------------------------------------=|
|=------------------------=[ PHRACK PROPHILE ON ]=----------------------=|
|=----------------------------------------------------------------------=|
|=------------------------------=[ pipacs ]=----------------------------=|
|=----------------------------------------------------------------------=|
|=---=[ Specifications
Handle: pipacs
AKA: PaX Team
Handle origin: your pick between P. Howard and images.google.com :)
Produced in: .hu
Urlz: pax.grsecurity.net
Computers: always a generation behind...
Creator of: PaX
Member of: PaX Team :)
Projects: PaX
Codez: ntid
Active since: 15+ years
Inactive since: past few years
|=---=[ Favorites
Actors: Chaplin
Films: Versus
Authors: Gurdjieff
Books: Fire from within
Novel: Jonathan Livingston Seagull
Meeting: eclipse'99
Music: Radioaktivitaet, The light of the spirit
Alcohol: long island iced tea
Cars: Maserati
Foods: anything but 4 legs
I like: good beer & wine
I dislike: all that bitter 'beer' down under :P
|=---=[ Your current life in a paragraph
Working on some PHP/.net/js stuff for a SaaS startup, and generally
tired of everything security related. Fortunately there's life beyond
that :).
|=---=[ First contact with computers
Despite the early 80's behind the iron curtain and COCOM restrictions,
I somehow managed to get my hands on an ABC-80 during a summer camp.
It was Z-80 and BASIC, but one had to start somewhere ;). Afterwards
came a ZX-81, a Spectrum, etc, the usual stuff in those days.
|=---=[ Passions : What makes you tick
Unsolved problems. Unsolvable problems.
|=---=[ Entrance in the underground
I'm not sure I was ever part of the underground but let's just say that
many of the smart people I met in the mid-90's would later end up in
computer security as a necessary outgrowth of skills they acquired in
reverse engineering. To me they're still the friends of 10+ years and
there's nothing particular about being part of the underground (ok,
did i successfully ditch the question? :).
|=---=[ Which research have you done or which one gave you the most fun?
It's of course PaX, especially some 6 years ago when spender and me
were porting it to new CPUs while solving unsolvable problems (where's
that NX bit on ppc32 again? :).
|=---=[ How you got started on low-level concepts?
In the ZX Spectrum days I wanted to stop the clock in some game, so
there I was learning Z-80 assembly and finding that pesky dec (hl).
From then on it was lots of assembly coding for the Spectrum (still
proud of my own turbo loader after all these years :) then later the
Amiga (m68k) and finally the PC.
Interestingly, I really hated the PC (x86) after the m68k but when
I had to clean up after a virus infection (the first and only one I
ever got :), I finally gave in and learned x86 as well and began to
reverse engineer more stuff, particularly exe packers (ever since that
virus incident I still have the habit of unpacking and looking at
everything first). That then led to a never ending cat&mouse game
between debuggers and anti-debugging techniques, so I had to eventually
reverse engineer and fix my choice of a debugger, SoftICE. That was a
major undertaking in hindsight but it taught me a lot about CPU details
that proved very useful in later years.
|=---=[ Thoughts on future of security enhancements?
I think we'll see more of them as now there's very serious push in
the commercial sector (mostly due to Microsoft) to research and
develop practically useful techniques. There will be more tool chain
enhancements and also more kernel and hypervisor level work to lock
down various parts of the software stack and also to provide some
level of self-protection.
There will also be more work towards hardening parts of the client
side userland that is both powerful and most exposed to attacks.
Think web browsers, media players, etc, that all implement some form
of programmable engines which represent the same kind of problems as
runtime code generation (shellcode) did in the previous decades, just
at a higher abstraction level. Whether techniques developed so far
will be adaptable or not is an open question, but this problem needs
to be addressed soon.
|=---=[ Short history of PaX?
At around the time when the Y2K panic was settling down I got into
a startup to develop a HIPS for windows. That didn't work out in
the end for several reasons, but the idea stuck into my head and
while enjoying the summer between two jobs, I somehow remembered
what I had read about a year ago on IA-32 TLB hacking and I was set
on the path. I talked to a few friends about it and we decided to
do a windows version as that's what we were familiar with (speaking
of kernel internals). This is also the reason for the 'team' in the
name, even if the other guys dropped out soon afterwards to pursue
other interests.
The summer passed and I got a new job where linux was everywhere and
one October weekend I sat down and figured I'd give it a try. Turned
out that the first cut wasn't that hard and I was surprised that the
new kernel booted without a hitch and worked as expected.
Then came public disclosure day, something I had debated for some time
but decided I wasn't going to go down the patent road. I still think
it was the right decision, even if many people thought and still think
I was a bit crazy to let this out for free :).
The following years saw slow but steady development of various ideas,
limited by my free time, (un)fortunately (depending on which side of
the fence you are :). For a more precise timeline just look at the
wikipedia article, I think my years spent in (sometimes voluntary)
unemployment will clearly stand out :).
|=---=[ What future things are planned for PaX?
I wish I could just even list them :), but having looked at my to-do
list it seems I've got enough work left to fill more than a lifetime.
So without any particular preference, here's a few ideas that I hope
I can implement one of these days:
Ret2libc prevention: this is something I'd written about 6 years ago
but never got to implement it, and somewhat shamefully, the world at
large failed to as well (save for MSR's Gleipnir project perhaps).
I mean, all the effort people spent in the last decade on propolice/ssp
could have equally been spent on solving this much more relevant and
important problem...
Kernel self-protection: the goal here is to solve the somewhat
unsolvable problem of the kernel protecting itself from its own bugs.
What is or isn't possible is something you'll have to wait and see :).
More arch support: it would be nice if more CPU specific features could
be ported to other archs beyond x86, in particular ARM (android, mobile
phones) and MIPS (network gear) really need all the protection they can
get.
Virtualization support: whether it's a good idea or not from a security
point of view, virtualization is here to stay and unfortunately quite a
few of the existing kernel self-protection features are hard to handle
in those environments. I'm not yet sure what concessions can be made
here...
|=---=[ Personal general opinion about the underground
I don't know much about it given how many years ago I lost most of my
interest in computer security, but I can't help but note that the
barrier of entry is set a lot higher than in the previous century.
Couple that with vested new interests (both commercial, governmental
and criminal, with unclear boundaries at times :P) in siphoning off
all the knowledge and people in security and I can see no bright
future for the kind of underground that there was before...
I just hope that the spirit of not taking anything at face value,
looking behind and beyond of what is already known will not die out in
the younger generations and some of them will keep their independence
for long enough to nurture underground outlets as this one :).
|=---=[ Memorable Experiences
Meeting the internet in the early 90's when the whole country was
connected on a 9.6 kbps line to Vienna.
Downloading IDA 2.x in '94 and not knowing what to do with it at
first (anyone remembers ReSource on the Amiga? :).
Playing with SMM back in 1998, I keep wondering when Probe Mode gets
'discovered' and hyped up as well :).
Eclipse'99.
That ADMcon.
Being told by several native (english) speakers that I have a french
accent :P.
Seeing the AMD 'anti virus protection' ad on the London tube in the
summer of 2004 and realizing I may have had something to do with it.
2005, vomatron with a prince of Sri Lanka, you can blame PaX on him
too.
BAcon 06, the first and original one.
Padocon.
Teaching half the world to pronounce ege'szse'getekre (blame the lack
of proper accents on Phrack mandated ASCII :P).
Having to endure snoring from all kinds of people :).
|=---=[ Memorable people you have met
People who worked on icedump.
The wonderful team of Q.
People who helped with PaX.
The Padocon folks who got a tad bit drunk on palinka.
|=---=[ Memorable places you have been
All over the world except Antarctica.
|=---=[ Things you are proud of
Reverse engineering SoftICE to the point that some NuMega folks
reportedly thought their src got stolen or something.
Learning amd64 and porting a pure asm kernel driver to XP 64 RC and
reverse engineering and circumventing PatchGuard (a year before
Uninformed had published anything on it) all in 4 weeks while also
handling an lkml flamewar and being jetlagged down under...
|=---=[ Things you are not proud of
Some would say it's all the things I'm proud of :).
Oh, and sorry for having held up this release, but life's just too
busy...
|=---=[ Opinion about security conferences
Too much hype over too little content. But then there're exceptions.
Fortunately most are organized enough that presentations are available
online with many academic confs being the exception, shame on them.
Nevertheless, it seems that I still managed to collect over 16 GB of
(security) conference material over the years so I guess the situation
is not that bad. I wish I had time to read all that though :).
|=---=[ Opinion on Phrack Magazine 1985' ? 1995' ? 2005' ? '2009 ?
1985: I wish we had had a phone line to begin with :)
1995: the days when gopher was being taken over by http, and no
encryption in sight... anyway, I think p47 was the first issue I
got my hands on, and I didn't find it too interesting at the time,
sorry :)
2005: that'd be p63 I guess (your version, that is :), a whole lot more
stuff, and finally beyond the 100th how-to-backdoor-linux kind of
article
2009: I have yet to see, it didn't leak so far (kudos for the new team :)
|=---=[ What you would like to see published in Phrack ?
More hardware related hacking, there're way too many gizmos out there
these days to be ignored...
More specific uses of computers, such as aviation, space, astronomy,
particle physics, etc. There must be interesting things hiding there.
More food-for-thought kind of articles, it's somehow got neglected...
|=---=[ Shoutouts to specific (group of) peoples
The old folks from UCF and other groups, all the Q people and those I
met through them, and basically everyone I drank a beer with :).
|=---=[ Flames to specific (group of) peoples
It's all in the search engines already, for the better or worse :).
|=---=[ Quotes
On some sunny day in July 2002 (t: Theo de Raadt):
<cloder> why can't you just randomize the base
<cloder> that's what PaX does
<t> You've not been paying attention to what art's saying, or you don't
understand yet, either case is one of think it through yourself.
<cloder> whatever
Only to see poetic justice in August 2003 (ttt: Theo again):
<miod> more exactly, we heard of pax when they started bitching
<ttt> miod, that was very well spoken.
More recently, a student contemplating doing research related to
PaX/grsecurity:
<xxx> So Dr. Spafford essentially told me that it's better to work on something
simpler than to try to do research that will save the world
|=---=[ Anything more you want to say
While most of the readers are undoubtedly living a computer dominated
life, let me remind everyone that you can't have beer over the
internet. So go get out sometimes and maybe even invite the neighbour
over. For this is what builds real relationships, not electronic
substitutes.
--------[ EOF