Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 8 Aug 2012 10:39:30 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: segoon's report #15

Vasily,

On Tue, Aug 07, 2012 at 11:30:15PM +0400, Vasily Kulikov wrote:
> Accomplishments:
> - Backported HARDEN_STACK patch, tested it on i686 kernel with
>   exec-shield, on x86_64 kernel and x86_64 userspace, on x86_64 kernel
>   and i686 userspace.
> - Suggested userspace <--> kernel API for HARDEN_VM86, implemented it.
> - Found limited "unlink" ability of CT's root in CT0, reported to
>   OpenVZ bugzilla.

Thanks for working on these.

> Priorities:
> - Discuss what PaX features we want to see in Owl kernel.
> - Discuss whether we need sysfs hardening and log spoofing protection in
>   Owl kernel.
> - Port confirmed patches to Owl kernel after owl-dev discussions.

Does this mean you're done with all other kernel hardening changes you
wanted to make this summer?

When are we getting the kernel update to RHEL6'ish into Owl?

When are we updating glibc?

I don't mean to hurry you up on these - in fact, I have difficulty
finding time to process your previous set of changes - I am merely
asking about your plans/preferences.

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ