Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 7 Aug 2012 23:30:15 +0400
From: Vasily Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: segoon's report #15

Hi,

Accomplishments:
- Backported HARDEN_STACK patch, tested it on i686 kernel with
  exec-shield, on x86_64 kernel and x86_64 userspace, on x86_64 kernel
  and i686 userspace.
- Suggested userspace <--> kernel API for HARDEN_VM86, implemented it.
- Found limited "unlink" ability of CT's root in CT0, reported to
  OpenVZ bugzilla.

Priorities:
- Discuss what PaX features we want to see in Owl kernel.
- Discuss whether we need sysfs hardening and log spoofing protection in
  Owl kernel.
- Port confirmed patches to Owl kernel after owl-dev discussions.

-- 
Vasily

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ