Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 27 Jan 2017 12:47:16 -0800
From: Kees Cook <>
To: Hoeun Ryu <>
Cc: Richard Weinberger <>, 
	"" <>
Subject: Re: I'd like to contribute to this project.

On Fri, Jan 27, 2017 at 11:03 AM, Hoeun Ryu <> wrote:
> On Fri, Jan 27, 2017 at 6:36 AM Kees Cook <> wrote:
>> On Thu, Jan 26, 2017 at 6:49 AM, Hoeun Ryu <> wrote:
>> > On Thu, Jan 26, 2017 at 4:41 AM, Kees Cook <> wrote:
>> >> On Wed, Jan 25, 2017 at 6:01 AM, Hoeun Ryu <> wrote:
>> >>> Hi. I'm Hoeun Ryu.
>> >>
>> >> Hi! Nice to meet you!
>> >>
>> >>> I've been reading arm/arm64 and mm/fs kernel code for the last few years.
>> >>> I stumbled upon the wiki page for this project and found this project seems
>> >>> very interesting.
>> >>> I think I can start to contibute to this project from porting small parts of
>> >>> PAX/GRSEC features that you guys haven't worked on yet.
>> >>
>> >> Sure, that would be very welcome. Are there features you're especially
>> >> interested in?
>> >>
>> >
>> > I tried to find out what features PAX/GRKERNSEC provides reading
>> > grsecurity wiki pages and the patch file today.
>> > It might take a week or two to find adequate features for me to tackle.
>> > But my guess after few hours of a brief investigation is `Deter
>> > exploit bruteforcing (GRKERNSEC_BRUTE)`
>> > Do you think the feature is worth it to you guys ? If not, please
>> > recommend others.
>> I'd really like to see this, yes. There have been attempts in the past
>> that got derailed. I strongly think it should be part of the kernel
>> (and not glibc, as got proposed):
>> I think it's worth trying it again.
> Ok. I will start to investigate the history of Richard's try for the
> feature and GRKERNSEC_BRUTE itself and how I can narrow the gap
> between the opinions.

Sounds good! Feel free to bounce ideas off this list too. :)

>> >>> I'd like to start from something trivial so I can do it in my free time.
>> >>> It's also ok to work with someone who are working on a big patch series if
>> >>> you need help.
>> >>
>> >> Just looking through the list of things on the wiki, how about this?
>> >> - add zeroing of copy_from_user on failure test to test_usercopy.c
>> >>
>> >> The issue here is that when a copy_from_user() call fails (for
>> >> whatever reason), the kernel is supposed to clear the destination
>> >> buffer with zeros to make sure nothing is accidentally exposed later
>> >> (if, say, it is copied back to userspace at a later time). We saw a
>> >> few instances where this protective copying wasn't happening, but
>> >> there was no regression test for it.
>> >>
> What are the few instances? Invaild sized accesses ?
> You mean that the regression is performance degradation ?

Sorry, meant just a test for a regression in behavior. As in, what
happens if you do something like this:

char buf[1024];

memset(buf, 'A', sizeof(buf));
copy_from_user(buf, NULL, sizeof(buf));

That copy_from_user() will fail (invalid address NULL), and the
contents of buf should be zeroed by the failing copy_from_user(). Some
architectures weren't doing this correctly, so making sure we add this
kind of a test to lib/test_usercopy.c would add some good coverage for
bugs we've fixed in the past.

>> >> Adding a test to lib/test_usercopy.c for the zeroing would be nice to
>> >> have, and should be a relatively small change.
>> >>
> What can be the test cases ?
> Performing copy_to/from_user against different kind of src/dst like
> stack, slab and simple kmalloc()ed pages and checking
> if the results are what they should be ?
> Or just checking if zeroing is done by comparing the content of memory to 0 ?

See my above example. A failed copy_from_user should zero the entire
length of the buffer that was passed in.


Kees Cook
Nexus Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.