Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 20 Apr 2017 13:58:57 -0700
From: Kees Cook <keescook@...omium.org>
To: Kaiwan N Billimoria <kaiwan@...wantech.com>, Daniel Micay <danielmicay@...il.com>
Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: [RFC] mm: enable sanitizing via CONFIG

On Mon, Mar 27, 2017 at 3:54 AM, Kaiwan N Billimoria
<kaiwan@...wantech.com> wrote:
> On Thu, Mar 2, 2017 at 12:46 AM, Kees Cook <keescook@...omium.org> wrote:
>> I'd love to see someone step up and create this for upstream. I think
>> it'd make a lot of sense instead of trying to shoe-horn things into
>> SLUB...
>>
> Ok, am unsure if I clearly understand all the issues involved; but of
> course it's always better to make a start and then evolve. So, how
> exactly can this be tackled? Do we go down the "new SLUB for security"
> path? And, if yes, then how exactly does one get started? I'll need
> some pointers pl...

Well, mainly it would need someone dedicated to creating a whole new
slab allocator for the kernel, and prioritizing security for it.
Daniel has a bunch of ideas on this, but I don't know enough currently
to make suggestions for what the design should look like. Making
sanity-checks fast would be a driving principle, though. :)

-Kees

-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ