Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 28 Apr 2016 08:16:19 -0400
From: David Windsor <dave@...gbits.org>
To: Kees Cook <keescook@...omium.org>
Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: [RFC PATCH 0/5] Add PAX_REFCOUNT overflow protection

Hi,

Unfortunately, I've had much less time to work on this than originally
anticipated and have gotten basically nothing done towards v3.  I still
plan on working on it, just can't give you an ETA I can realistically
commit to.

Thanks,
David


On Thursday, April 21, 2016, Kees Cook <keescook@...omium.org> wrote:

> Hi David,
>
> On Thu, Feb 4, 2016 at 10:19 AM, Kees Cook <keescook@...omium.org
> <javascript:;>> wrote:
> > On Tue, Feb 2, 2016 at 3:33 AM, David Windsor <dave@...gbits.org
> <javascript:;>> wrote:
> >> FYI, I now have time to work on this again.
> >>
> >> Currently, I'm rebasing v2 atop linux-next.  I've already incorporated
> >> the following changes suggested during the on-list review of v2:
> >>
> >> * s/PAX_REFCOUNT/STRICT_REFCOUNT
> >> * Reordering the patchset in a more sane manner (per Greg KH)
> >> * Creation of the "Kernel Hardening" menu in Kconfig
> >> * Creation of per-architecture Kconfig option for opting in to
> STRICT_REFCOUNT
> >> * Whitespace fixes
> >>
> >> v3 is forthcoming and will be posted here as soon as I have the
> >> patchset rebased to linux-next.
> >
> > Thanks for the update!
> >
> > It may be helpful to mention in the changelog the two recent refcount
> > overflow bugs that would have been stopped by this mitigiation:
> >
> > CVE-2014-2851 https://cyseclabs.com/page?n=02012016
> > CVE-2016-0728
> http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
>
> Any news on a v3 series? I'd love to see what you've got so far.
>
> Thanks!
>
> -Kees
>
> --
> Kees Cook
> Chrome OS & Brillo Security
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.