Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 8 Aug 2012 15:02:41 +0400
From: Vasily Kulikov <>
Subject: Re: segoon's report #15


On Wed, Aug 08, 2012 at 10:39 +0400, Solar Designer wrote:
> > Priorities:
> > - Discuss what PaX features we want to see in Owl kernel.
> > - Discuss whether we need sysfs hardening and log spoofing protection in
> >   Owl kernel.
> > - Port confirmed patches to Owl kernel after owl-dev discussions.
> Does this mean you're done with all other kernel hardening changes you
> wanted to make this summer?

Going though the list at Owl wiki:

BINFMT_ELF_AOUT (cleanup) 
32/64-bit restrictions in containers 

log spoofing protection 


HARDEN_SHM - the patch is backported into RHEL 6.3.  RHEL 6.3 update is
included into the latest 059.7 patch.  I haven't rebased to 059.7 yet,
but I'll do it before actual committing into Owl CVS.

HARDEN_LINK and HARDEN_FIFO - Kees' version of these things are already
merged into Linus' tree.  I think we should wait a bit (week?) and after
that pick the patch into Owl kernel (just to merge it with all bugfixed
which are done this week).

> When are we getting the kernel update to RHEL6'ish into Owl?

The kernel itself looks ready for update.  It needs only other packages'
fixes, which I've already committed.

> When are we updating glibc?

I think we can do it just after kernel update.  If you have something in
mind why glibc update is needed before any kernel hardening patches
porting, I can switch to glibc update.  IIRC, I've done most of update
work needed for buildworld ability, but haven't ported all Owl hardening
patches from 2.3.6.

Preparing all these patches might take some time from me, when I don't
need your attention at all.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.