Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 7 Nov 2015 22:40:39 -0800
From: Kees Cook <keescook@...omium.org>
To: Emese Revfy <re.emese@...il.com>
Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, PaX Team <pageexec@...email.hu>, 
	Brad Spengler <spender@...ecurity.net>, Greg KH <gregkh@...uxfoundation.org>, 
	Theodore Tso <tytso@...gle.com>, Josh Triplett <josh@...htriplett.org>
Subject: Re: Proposal for kernel self protection features

On Sat, Nov 7, 2015 at 1:34 PM, Emese Revfy <re.emese@...il.com> wrote:
>> speak to any known bugs it stopped? Having some mention of the threat
>> it mitigates would be helpful. (Do I remember correctly that it
>> constified security_operations, which was a common target in
>> exploits?)
>
> I don't remember any bugs, but I think spender has some exploits that
> are stopped by constification :) The constify plugin stops exploits that
> want to modify ops structures to control indirect calls through them.

Yeah, just listing a few somewhere in the future patch or docs would
be cool, or we can add that to the wiki, etc. Mostly I just want to be
able to help people understand what a given mitigation could have
stopped, etc. (And given the frequency of ops structure abuse in just
the exploits I reviewed for the Kernel Summit slides, that's a lot...)
Since many people don't understand the value of exploit-blocking, it's
nice to point specifically to known exploits that would have been
blocked.

-Kees

-- 
Kees Cook
Chrome OS Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.