Date: Sun, 08 Nov 2015 11:39:11 +0100 From: Yves-Alexis Perez <corsac@...ian.org> To: kernel-hardening@...ts.openwall.com Cc: Solar Designer <solar@...nwall.com>, Greg KH <gregkh@...uxfoundation.org>, Ben Hutchings <ben@...adent.org.uk>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, James Morris <jmorris@...ei.org>, Richard Weinberger <richard@....at>, Andy Lutomirski <luto@...capital.net> Subject: Re: Kernel Self Protection Project On ven., 2015-11-06 at 10:11 -0800, Kees Cook wrote: > I think GRKERNSEC_KERN_LOCKOUT is kind of on both sides of the > kernel/userspace defense fence. For now, I think the granularity of > response for KSPP-ported features will likely just be a full system > Oops. But I suspect once more of them land, we'll want the finer > granularity that GRKERNSEC_KERN_LOCKOUT provides. Yes I was really mentioning GRKERNSEC_BRUTE because it looks similar to GRKERNSEC_KERN_LOCKOUT but I was more interested by the latter in the current context. In any case (whether we want fine-grained stuff or not), I think we definitely need a way to prevent repeated exploit attempts. Regards, -- Yves-Alexis Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.