Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 08 Nov 2015 11:39:11 +0100
From: Yves-Alexis Perez <>
Cc: Solar Designer <>, Greg KH
 <>,  Ben Hutchings <>, Ard
 Biesheuvel <>, James Morris <>,
 Richard Weinberger <>, Andy Lutomirski <>
Subject: Re: Kernel Self Protection Project

On ven., 2015-11-06 at 10:11 -0800, Kees Cook wrote:
> I think GRKERNSEC_KERN_LOCKOUT is kind of on both sides of the
> kernel/userspace defense fence. For now, I think the granularity of
> response for KSPP-ported features will likely just be a full system
> Oops. But I suspect once more of them land, we'll want the finer
> granularity that GRKERNSEC_KERN_LOCKOUT provides.

Yes I was really mentioning GRKERNSEC_BRUTE because it looks similar
to GRKERNSEC_KERN_LOCKOUT but I was more interested by the latter in the
current context. In any case (whether we want fine-grained stuff or not), I
think we definitely need a way to prevent repeated exploit attempts.


Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.