Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 20 Jan 2018 13:13:26 +0300
From: Alexander Popov <alex.popov@...ux.com>
To: Kees Cook <keescook@...omium.org>
Cc: kernel-hardening@...ts.openwall.com, PaX Team <pageexec@...email.hu>,
 Brad Spengler <spender@...ecurity.net>, Ingo Molnar <mingo@...nel.org>,
 Andy Lutomirski <luto@...nel.org>, Tycho Andersen <tycho@...ho.ws>,
 Laura Abbott <labbott@...hat.com>, Mark Rutland <mark.rutland@....com>,
 Ard Biesheuvel <ard.biesheuvel@...aro.org>, Borislav Petkov <bp@...en8.de>,
 Thomas Gleixner <tglx@...utronix.de>, "H . Peter Anvin" <hpa@...or.com>,
 Peter Zijlstra <a.p.zijlstra@...llo.nl>, "Dmitry V . Levin"
 <ldv@...linux.org>, X86 ML <x86@...nel.org>
Subject: Re: [PATCH RFC v7 0/6] Introduce the STACKLEAK feature and a test for
 it

On 19.01.2018 00:13, Kees Cook wrote:
> On Thu, Jan 18, 2018 at 5:09 AM, Alexander Popov <alex.popov@...ux.com> wrote:
>> So I don't think that (1) without (2) is actually a good feature. I would
>> propose to refrain from separating the stack erasing and the lowest_stack tracking.
> 
> How about an option to clear the _entire_ stack, then, when the plugin
> isn't available? That gives us a range of options and provides an easy
> way to compare the performance of the tracking. i.e. can compare off,
> full, and smart.

Yes, I should try it. I'll return with the results of the performance tests.
We'll discuss them; if full stack erasing is not too slow, I'll introduce it in
the 8'th version of the patch series.

Thanks!

Best regards,
Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.