Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Apr 2016 13:37:03 -0700
From: Kees Cook <>
To: David Windsor <>
Cc: "" <>
Subject: Re: [RFC PATCH v2 00/12] Add PAX_REFCOUNT overflow protection

Hi David,

On Thu, Feb 4, 2016 at 10:19 AM, Kees Cook <> wrote:
> On Tue, Feb 2, 2016 at 3:33 AM, David Windsor <> wrote:
>> FYI, I now have time to work on this again.
>> Currently, I'm rebasing v2 atop linux-next.  I've already incorporated
>> the following changes suggested during the on-list review of v2:
>> * Reordering the patchset in a more sane manner (per Greg KH)
>> * Creation of the "Kernel Hardening" menu in Kconfig
>> * Creation of per-architecture Kconfig option for opting in to STRICT_REFCOUNT
>> * Whitespace fixes
>> v3 is forthcoming and will be posted here as soon as I have the
>> patchset rebased to linux-next.
> Thanks for the update!
> It may be helpful to mention in the changelog the two recent refcount
> overflow bugs that would have been stopped by this mitigiation:
> CVE-2014-2851
> CVE-2016-0728

Any news on a v3 series? I'd love to see what you've got so far.



Kees Cook
Chrome OS & Brillo Security

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.