Date: Fri, 06 Nov 2015 14:28:24 +0100 From: Yves-Alexis Perez <corsac@...ian.org> To: kernel-hardening@...ts.openwall.com Cc: Solar Designer <solar@...nwall.com>, Greg KH <gregkh@...uxfoundation.org>, Ben Hutchings <ben@...adent.org.uk>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, James Morris <jmorris@...ei.org> Subject: Re: Kernel Self Protection Project On jeu., 2015-11-05 at 12:59 -0800, Kees Cook wrote: > For now, I'm going to focus on taking a look at the PAX_SIZE_OVERFLOW > gcc plugin, which will also get us the gcc plugin infrastructure. > Other people, please speak up on what you'd like to tackle. Hi Kees, and first many thanks for the initiative. That's definitely something of interest for me (both personally and professionally). Something which might also be interesting in kernel self protection is the “active response” found in grsecurity (GRKERNSEC_SEC_KERN_LOCKOUT) and the “deter exploite bruteforcing” (GRKERNSEC_BRUTE), which can help prevent exploitation with repeated attempts. Some features (especially SEC_KERN_LOCKOUT) are really more useful when UDEREF and KERNEXEC are available (since those are the most severe violations one can find), but it could still apply to other violations. Regards, -- Yves-Alexis Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.