Date: Tue, 18 Oct 2016 14:21:21 -0700
From: Kees Cook <keescook@...omium.org>
To: Gengjia Chen <chengjia4574@...il.com>
Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, 
	Juerg Haefliger <juerg.haefliger@....com>
Subject: Re: self introduction

On Tue, Oct 18, 2016 at 4:52 AM, Gengjia Chen <chengjia4574@...il.com> wrote:
>> >2016-10-18 4:15 GMT+08:00 Kees Cook <keescook@...omium.org>:
>> >The ARM open/close depends on their use of Domains. For upstream,
>> >you'd have to examine how Domains are being used (which seems
>> >different to me).
>>
>> So, I will try to start to port pax_open_kernel/pax_close_kernel
>> arm-specific features to upstream, and keep you in touch.

Cool, feel free to post RFC patches even if they're not totally finished. :)

>> >The other work is building the in-kernel
>> >infrastructure to support write-rarely memory (likely a new section,
>> >like ro_after_init, etc).
>> >
>>
>> It seems that the constify plugin has still not been ported to the latest
>> code (v4.9-rc1).
>> If I understand, you mean that a new section should be added
>> to the upstream, and cooperate with the future constify plugin (the
>> plugin automatically puts those objects in that section)?

It hasn't been forward-ported, no, but building out the infrastructure
to support it in upstream will be needed regardless. In PaX, the
section is called .data..read_only, but I suspect that will turn out
to be a confusing name, since it's actually "write-rarely", but lives
in the .rodata section, and the open/close implementation will be used
to write to it.

The constify plugin actually moves variables into the .rodata section,
so not only does any code writing to such things need to be wrapped in
open/close calls, but the C compiler needs to be tricked into
generating sensible code (see PaX's const_cast() macro).

-Kees

-- 
Kees Cook
Nexus Security
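
The open/close wrapping and const cast described in the message above, modelled in userspace as an added example (not part of the original message, and not PaX or kernel code). It assumes mprotect() as a stand-in for the kernel's open/close primitives; wr_open, wr_close, WR_CAST and struct policy are hypothetical names.

```c
/* Userspace model of write-rarely data: an added illustration, not kernel or
 * PaX code. wr_open/wr_close/WR_CAST/struct policy are hypothetical names. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS under strict -std= modes */
#endif
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
struct policy { int enforce; };
static const struct policy *policy;  /* readers only ever see const */
static size_t pagesz;
/* Cast for the sanctioned writer: drops const so the compiler emits the store. */
#define WR_CAST(p) ((struct policy *)(p))

static int wr_open(void)  { return mprotect((void *)policy, pagesz, PROT_READ | PROT_WRITE); }
static int wr_close(void) { return mprotect((void *)policy, pagesz, PROT_READ); }

static int wr_setup(void) {
    pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    ((struct policy *)p)->enforce = 1;  /* initialise, then seal read-only */
    policy = p;
    return wr_close();
}

/* Sanctioned update: the only store happens inside the open/close window. */
static int policy_set(int v) {
    if (wr_open() != 0) return -1;
    WR_CAST(policy)->enforce = v;
    return wr_close();
}

/* Fork a child that writes without wr_open(); return the signal that killed it (0 if none). */
static int stray_write_signal(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { WR_CAST(policy)->enforce = 0; _exit(0); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    if (wr_setup() != 0) return 1;
    printf("stray write killed by signal %d\n", stray_write_signal());
    return policy_set(0);
}
```

The stray write runs in a forked child so the fault can be observed without killing the parent; the parent's copy of the page keeps its value.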
