Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 21 Sep 2018 11:41:32 -0700
From: Kees Cook <>
To: Carter Cheng <>
Cc: Kernel Hardening <>
Subject: Re: temporal and spatial locality in the kernel

On Fri, Sep 21, 2018 at 10:25 AM, Carter Cheng <> wrote:
> Hi,


> I recently attended a computer security conference for the first time and
> have developed some interest in kernel hardening issues after one of the
> presenters demonstrated a kernel exploit based partly around a use after
> free bug.
> After scanning the literature a little bit and looking at some papers I have
> encountered before on CCured and Cyclone. I was curious to what extent full
> memory saftety checks are now possible.

CONFIG_KASAN covers a lot of this, but wasn't itself designed for
"production use". The primary concern, yes, is performance.

> There are many papers going back quite a bit on spatial safety
> implementations and some on temporal safety but they mainly target user
> space. I am curious why such things don't exist in the linux kernel at least
> as some sort of compile option. Is the slow down the main concern?
> It seems recent work has got the performance bound down to 1.29 is this
> considered too slow for many things?

This sounds lovely! :) I'd be curious to see patches implementing the
checks you're talking about.


Kees Cook
Pixel Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.