Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 31 Oct 2016 07:41:04 -0400
From: Daniel Micay <danielmicay@...il.com>
To: kernel-hardening@...ts.openwall.com, oss-security@...ts.openwall.com
Subject: Re: [kernel-hardening] Re: Stack guard canary massaging

On Mon, 2016-10-31 at 12:22 +0100, Solar Designer wrote:
> On Mon, Oct 31, 2016 at 11:48:45AM +0100, Florian Weimer wrote:
> > Sorry for cross-posting.
> 
> Sorry to bikeshed, but I think this isn't a kernel-hardening topic at
> all, so the thread should continue on oss-security only, please.
> 
> Florian, if there's a reason why you think it's kernel-hardening
> related, please let me know.  To me, it looks like userspace hardening
> that is not even kernel-assisted (at least not directly in this place,
> even though the kernel may have helped provide the random numbers).
> 
> If your cross-posting was to reach more of the right people, then you
> have already done so, and they can join oss-security now. ;-)
> 
> Alexander

The kernel supports SSP but it doesn't appear to do the same thing.

arch/*/include/asm/stackprotector.h

Why do the non-x86 implementations XOR in LINUX_VERSION_CODE though? Is
it supposed to be a placeholder for a random at compile-time value? :\

It's not harmful but that's just... weird.
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.