Date: Thu, 3 Aug 2017 22:13:47 -0700 From: Kees Cook <keescook@...omium.org> To: Li Kun <hw.likun@...wei.com> Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> Subject: Re: [RFD] Is there any plan to port the RAP feature from PAX/Grsecurity to main line ? On Thu, Aug 3, 2017 at 9:23 PM, Li Kun <hw.likun@...wei.com> wrote: > Is there any plan to port the RAP feature from PAX/Grsecurity to main line ? > I think that will be a realy effective approach to protect against ROP/JOP. Yeah, RAP is pretty great! I'm not aware of anyone working on upstreaming the plugin (and its many function declaration fixes and other adjustments) currently, though. I've also been interested to see if kCFI will be published soon, which would be another option (it needs fewer kernel changes, but has limitations like needing to build the kernel twice). While the code isn't released yet, they did provide a comparison to RAP which is an interesting read. -Kees  https://github.com/kcfi/docs  https://github.com/kcfi/docs/blob/master/kcfi_vs_rap.txt -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.