Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 28 Apr 2016 08:16:19 -0400
From: David Windsor <dave@...gbits.org>
To: Kees Cook <keescook@...omium.org>
Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: [RFC PATCH 0/5] Add PAX_REFCOUNT overflow protection

Hi,

Unfortunately, I've had much less time to work on this than originally
anticipated and have gotten basically nothing done towards v3.  I still
plan on working on it, just can't give you an ETA I can realistically
commit to.

Thanks,
David


On Thursday, April 21, 2016, Kees Cook <keescook@...omium.org> wrote:

> Hi David,
>
> On Thu, Feb 4, 2016 at 10:19 AM, Kees Cook <keescook@...omium.org
> <javascript:;>> wrote:
> > On Tue, Feb 2, 2016 at 3:33 AM, David Windsor <dave@...gbits.org
> <javascript:;>> wrote:
> >> FYI, I now have time to work on this again.
> >>
> >> Currently, I'm rebasing v2 atop linux-next.  I've already incorporated
> >> the following changes suggested during the on-list review of v2:
> >>
> >> * s/PAX_REFCOUNT/STRICT_REFCOUNT
> >> * Reordering the patchset in a more sane manner (per Greg KH)
> >> * Creation of the "Kernel Hardening" menu in Kconfig
> >> * Creation of per-architecture Kconfig option for opting in to
> STRICT_REFCOUNT
> >> * Whitespace fixes
> >>
> >> v3 is forthcoming and will be posted here as soon as I have the
> >> patchset rebased to linux-next.
> >
> > Thanks for the update!
> >
> > It may be helpful to mention in the changelog the two recent refcount
> > overflow bugs that would have been stopped by this mitigiation:
> >
> > CVE-2014-2851 https://cyseclabs.com/page?n=02012016
> > CVE-2016-0728
> http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
>
> Any news on a v3 series? I'd love to see what you've got so far.
>
> Thanks!
>
> -Kees
>
> --
> Kees Cook
> Chrome OS & Brillo Security
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.