Date: Fri, 4 Aug 2017 18:31:16 +0800 From: Li Kun <hw.likun@...wei.com> To: Kees Cook <keescook@...omium.org> CC: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> Subject: Re: [RFD] Is there any plan to port the RAP feature from PAX/Grsecurity to main line ? 在 2017/8/4 13:13, Kees Cook 写道: > On Thu, Aug 3, 2017 at 9:23 PM, Li Kun <hw.likun@...wei.com> wrote: >> Is there any plan to port the RAP feature from PAX/Grsecurity to main line ? >> I think that will be a realy effective approach to protect against ROP/JOP. > Yeah, RAP is pretty great! I'm not aware of anyone working on > upstreaming the plugin (and its many function declaration fixes and > other adjustments) currently, though. I will try to upstream it. If i have any progress or trouble, i will show it here:) > > I've also been interested to see if kCFI will be published soon, > which would be another option (it needs fewer kernel changes, but has > limitations like needing to build the kernel twice). While the code > isn't released yet, they did provide a comparison to RAP which is > an interesting read. That looks awsome. Does it have any schedule to release the code? > > -Kees > >  https://github.com/kcfi/docs >  https://github.com/kcfi/docs/blob/master/kcfi_vs_rap.txt > -- Best Regards Li Kun
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.