Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 12 May 2017 12:36:00 -0700
From: Kees Cook <>
To: Loganaden Velvindron <>
Cc: Jessica Yu <>, Michael Leibowitz <>, 
	"" <>
Subject: Re: Re: [PATCH 01/18] gcc-plugins: Add the
 randstruct plugin

On Thu, May 11, 2017 at 11:37 PM, Loganaden Velvindron
<> wrote:
> I often see drivers for android phones have all kinds of security
> issues. Does this help to make it harder to exploit vulnerabilities
> and RCEs in wifi drivers for example ?

Depends on the flaw (some of the recent wifi attacks have been against
the wifi firmware itself). As documented in the changelog:

... [randstruct is a] probabilistic defense against attacks that need
to know the layout of structures within the kernel ...

And overwriting function pointers in structures is a common way to
perform attacks, which this plugin would complicate. See "executing
code" in:


Kees Cook
Pixel Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.