Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 6 Apr 2018 02:38:50 +0300
From: Alexander Popov <>
To: Kees Cook <>
Cc: Kurt Seifried <>,,
 James Morris <>, "Serge E. Hallyn" <>,
 Brad Spengler <>, PaX Team <>,
 "Reshetova, Elena" <>
Subject: Re: Linux Kernel Defence Map

On 05.04.2018 22:20, Kees Cook wrote:
> On Thu, Apr 5, 2018 at 5:32 AM, Alexander Popov <> wrote:
>> On 05.04.2018 01:17, Kees Cook wrote:
> "type confusion" seems weird to me, but I haven't spent a lot of time
> weighing the options of the naming of these things. "Overwriting a
> function pointer" is the method, and the bug is "unexpectedly
> accessing userspace memory from the kernel" (which is usually
> "something overwrite a pointer").

Just got an idea to call it "userspace data access". Short and simple!

I also combined SMAP/PAN and UDEREF into a cluster to reduce the number of
edges. Now it looks a bit better.

>> Kees, thanks again for such a cool feedback. The map is updated.
> Very cool! Maybe also add an out-of-tree bubble for "Clang CFI", which
> gives forward-edge protection for code-reuse...

Ok. Created a CFI cluster with RAP and Clang CFI inside.

However, I didn't manage to find any materials about applying Clang CFI to the
Linux kernel.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ