Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 4 Aug 2017 18:31:16 +0800
From: Li Kun <hw.likun@...wei.com>
To: Kees Cook <keescook@...omium.org>
CC: "kernel-hardening@...ts.openwall.com"
	<kernel-hardening@...ts.openwall.com>
Subject: Re: [RFD] Is there any plan to port the RAP feature
 from PAX/Grsecurity to main line ?



在 2017/8/4 13:13, Kees Cook 写道:
> On Thu, Aug 3, 2017 at 9:23 PM, Li Kun <hw.likun@...wei.com> wrote:
>> Is there any plan to port the RAP feature from PAX/Grsecurity to main line ?
>> I think that will be a realy effective approach to protect against ROP/JOP.
> Yeah, RAP is pretty great! I'm not aware of anyone working on
> upstreaming the plugin (and its many function declaration fixes and
> other adjustments) currently, though.
I will try to upstream it.
If i have any progress or trouble, i will show it here:)
>
> I've also been interested to see if kCFI[1] will be published soon,
> which would be another option (it needs fewer kernel changes, but has
> limitations like needing to build the kernel twice). While the code
> isn't released yet, they did provide a comparison[2] to RAP which is
> an interesting read.
That looks awsome. Does it have any schedule to release the code?
>
> -Kees
>
> [1] https://github.com/kcfi/docs
> [2] https://github.com/kcfi/docs/blob/master/kcfi_vs_rap.txt
>

-- 
Best Regards
Li Kun

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.