Date: Fri, 21 Sep 2018 11:41:32 -0700 From: Kees Cook <keescook@...omium.org> To: Carter Cheng <cartercheng@...il.com> Cc: Kernel Hardening <kernel-hardening@...ts.openwall.com> Subject: Re: temporal and spatial locality in the kernel On Fri, Sep 21, 2018 at 10:25 AM, Carter Cheng <cartercheng@...il.com> wrote: > Hi, Welcome! > I recently attended a computer security conference for the first time and > have developed some interest in kernel hardening issues after one of the > presenters demonstrated a kernel exploit based partly around a use after > free bug. > > After scanning the literature a little bit and looking at some papers I have > encountered before on CCured and Cyclone. I was curious to what extent full > memory saftety checks are now possible. CONFIG_KASAN covers a lot of this, but wasn't itself designed for "production use". The primary concern, yes, is performance. > There are many papers going back quite a bit on spatial safety > implementations and some on temporal safety but they mainly target user > space. I am curious why such things don't exist in the linux kernel at least > as some sort of compile option. Is the slow down the main concern? > > It seems recent work has got the performance bound down to 1.29 is this > considered too slow for many things? This sounds lovely! :) I'd be curious to see patches implementing the checks you're talking about. -Kees -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.