Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 7 Nov 2015 22:40:39 -0800
From: Kees Cook <>
To: Emese Revfy <>
Cc: "" <>, PaX Team <>, 
	Brad Spengler <>, Greg KH <>, 
	Theodore Tso <>, Josh Triplett <>
Subject: Re: Proposal for kernel self protection features

On Sat, Nov 7, 2015 at 1:34 PM, Emese Revfy <> wrote:
>> speak to any known bugs it stopped? Having some mention of the threat
>> it mitigates would be helpful. (Do I remember correctly that it
>> constified security_operations, which was a common target in
>> exploits?)
> I don't remember any bugs, but I think spender has some exploits that
> are stopped by constification :) The constify plugin stops exploits that
> want to modify ops structures to control indirect calls through them.

Yeah, just listing a few somewhere in the future patch or docs would
be cool, or we can add that to the wiki, etc. Mostly I just want to be
able to help people understand what a given mitigation could have
stopped, etc. (And given the frequency of ops structure abuse in just
the exploits I reviewed for the Kernel Summit slides, that's a lot...)
Since many people don't understand the value of exploit-blocking, it's
nice to point specifically to known exploits that would have been


Kees Cook
Chrome OS Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.