Date: Thu, 21 Apr 2016 13:37:03 -0700 From: Kees Cook <keescook@...omium.org> To: David Windsor <dave@...gbits.org> Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> Subject: Re: [RFC PATCH v2 00/12] Add PAX_REFCOUNT overflow protection Hi David, On Thu, Feb 4, 2016 at 10:19 AM, Kees Cook <keescook@...omium.org> wrote: > On Tue, Feb 2, 2016 at 3:33 AM, David Windsor <dave@...gbits.org> wrote: >> FYI, I now have time to work on this again. >> >> Currently, I'm rebasing v2 atop linux-next. I've already incorporated >> the following changes suggested during the on-list review of v2: >> >> * s/PAX_REFCOUNT/STRICT_REFCOUNT >> * Reordering the patchset in a more sane manner (per Greg KH) >> * Creation of the "Kernel Hardening" menu in Kconfig >> * Creation of per-architecture Kconfig option for opting in to STRICT_REFCOUNT >> * Whitespace fixes >> >> v3 is forthcoming and will be posted here as soon as I have the >> patchset rebased to linux-next. > > Thanks for the update! > > It may be helpful to mention in the changelog the two recent refcount > overflow bugs that would have been stopped by this mitigiation: > > CVE-2014-2851 https://cyseclabs.com/page?n=02012016 > CVE-2016-0728 http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/ Any news on a v3 series? I'd love to see what you've got so far. Thanks! -Kees -- Kees Cook Chrome OS & Brillo Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.