Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 6 Nov 2015 10:15:25 -0800
From: Kees Cook <>
To: "" <>
Subject: Re: Re: Kernel Self Protection Project

On Fri, Nov 6, 2015 at 8:00 AM, Quentin Casasnovas
<> wrote:
> On 2015-11-05, Kees Cook <> wrote:
>> I'm organizing a community of people to work on the various kernel
>> self-protection technologies (most of which are found in PaX and
>> Grsecurity). I'm building on the presentation I gave at Kernel Summit
>> where I sought to convince the other upstream Linux kernel developers
>> that security is more than fixing bugs, and that we need to bring in
>> proactive defenses:
> Great initiative!
>> For now, I'm going to focus on taking a look at the PAX_SIZE_OVERFLOW
>> gcc plugin, which will also get us the gcc plugin infrastructure.
>> Other people, please speak up on what you'd like to tackle.
> Not that it's complex but I already have a branch with the gcc plugin
> infrastructure split up if you're interested and you reckon that can save
> you some time.

Sure, what's the URL?

I actually think that just splitting out features might be a good
first step all around. Most folks aren't very familiar with the
PaX/Grsec patches, and they, in their monolithic nature, can be hard
to understand. Many depend on each other, but some are separable.

I'm also hoping Emese Revfy[1] might be interested in driving
PAX_SIZE_OVERFLOW too, which would be terrific, since she's way more
qualified than me to do it. /me awaits emails. :)



Kees Cook
Chrome OS Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.