Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 5 Feb 2017 22:53:05 +0530
From: Vaishali Thakkar <vaishali.thakkar@...cle.com>
To: Kees Cook <keescook@...omium.org>
Cc: Eddie Kovsky <ewk@...ovsky.org>,
        "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: Getting started

On Saturday 04 February 2017 05:43 AM, Kees Cook wrote:
> On Thu, Feb 2, 2017 at 8:28 PM, Vaishali Thakkar
> <vaishali.thakkar@...cle.com> wrote:
>> On Friday 03 February 2017 08:41 AM, Eddie Kovsky wrote:
>>>
>>> On 01/30/17, Kees Cook wrote:
>>>>
>>>> On Mon, Jan 30, 2017 at 5:41 AM, Vaishali Thakkar
>>>> <vaishali.thakkar@...cle.com> wrote:
>>>>>
>>>>> On Monday 30 January 2017 12:13 AM, Eddie Kovsky wrote:
>>>>>
>>>>>> I'm interested in helping out with this project.
>>>>>>
>>>>>> I have a few small patches in the kernel. I just finished the Eudyptula
>>>>>> Challenge and I'm looking for places where I can continue to
>>>>>> contribute.
>>>>
>>>>
>>>> Hi! Welcome to the list. :)
>>>>
>>>>>> I've been reading the list for several months now. I think I have a
>>>>>> general
>>>>>> understanding of the development process. Is there a specific TODO item
>>>>>> I
>>>>>> could start off with?
>>>>
>>>>
>>>> What areas of the kernel are you the most familiar with, and/or what
>>>> things are you interested in working on? That could help me tailor
>>>> some suggestions.
>>>>
>>>>> Here, is one TODO list:
>>>>>
>>>>> https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
>>>>>
>>>>> Although I think few people are already working on some of these things.
>>>>> May be you can also check the archives of a mailing list.
>>>>
>>>>
>>>> The list is a bit terse (it's mostly been a brain dump as things come
>>>> up), but yeah, if you see something there and want to know more, just
>>>> ask. I'm happy to expand on any of them.
>>>>
>>>
>>> I noticed there's been some activity recently with HARDENED_USERCOPY.
>>> And I looked over how mm/usercopy.c was merged in from the grsecurity
>>> patch. I'm curious about this TODO item:
>>>
>>>      Identify and extend HARDENED_USERCOPY to other usercopy functions
>>>      (e.g. maybe csum_partial_copy_from_user, csum_and_copy_from_user,
>>>      csum_and_copy_to_user, csum_partial_copy_nocheck?)
>>>
>>> It doesn't look like anyone is working on this task right now. But it's
>>> not
>>> obvious (to me) what needs to happen to make progress with this. Would
>>> this
>>> be a good task to start off with?
>>
>>
>> Hi,
>>
>> You may want to read this thread:
>> https://patchwork.kernel.org/patch/9409557/
>>
>> Kees, may be we should remove this item from the TODO list?
>
> Hm, yeah, or rename it to "find any other APIs that look like
> copy_to/from_user()". I think Mark already looked through these. Were
> there any remaining?

AFAIK, no. May be get_user, put_user. But I guess it makes sense to
change them after uaccess unification work.

Previously I found few API functions but they were eventually calling
copy_from_user.

> As for a thing to work about how about this:
> - provide mechanism to check for ro_after_init memory areas, and
> reject structures not marked ro_after_init in vmbus_register()
>
> The idea here would be to provide a mechanism functions can call to
> verify that their arguments are const or ro_after_init. I think it'd
> look a lot like the stuff in kernel/extable.c like
> kernel_text_address(), but it'd need to ask "is this variable in the
> rodata section? (Which is complicated by dealing with module rodata
> sections.)
>
> Then vmbus_register() could be modified to require that its arguments
> are const or ro_after_init.
>
> -Kees
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.