Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAGXu5j+ponF+a3aoCnLqEVfBy545BsxT4w=8KGikNCb_24ZgyQ@mail.gmail.com>
Date: Fri, 6 Nov 2015 10:15:25 -0800
From: Kees Cook <keescook@...omium.org>
To: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: Re: Kernel Self Protection Project

On Fri, Nov 6, 2015 at 8:00 AM, Quentin Casasnovas
<quentin.casasnovas@...cle.com> wrote:
> On 2015-11-05, Kees Cook <keescook@...omium.org> wrote:
>> I'm organizing a community of people to work on the various kernel
>> self-protection technologies (most of which are found in PaX and
>> Grsecurity). I'm building on the presentation I gave at Kernel Summit
>> where I sought to convince the other upstream Linux kernel developers
>> that security is more than fixing bugs, and that we need to bring in
>> proactive defenses:
>> http://lwn.net/Articles/662219/
>>
>
> Great initiative!
>
>>
>> For now, I'm going to focus on taking a look at the PAX_SIZE_OVERFLOW
>> gcc plugin, which will also get us the gcc plugin infrastructure.
>> Other people, please speak up on what you'd like to tackle.
>>
>
> Not that it's complex but I already have a branch with the gcc plugin
> infrastructure split up if you're interested and you reckon that can save
> you some time.

Sure, what's the URL?

I actually think that just splitting out features might be a good
first step all around. Most folks aren't very familiar with the
PaX/Grsec patches, and they, in their monolithic nature, can be hard
to understand. Many depend on each other, but some are separable.

I'm also hoping Emese Revfy[1] might be interested in driving
PAX_SIZE_OVERFLOW too, which would be terrific, since she's way more
qualified than me to do it. /me awaits emails. :)

-Kees

[1] https://github.com/ephox-gcc-plugins/size_overflow

-- 
Kees Cook
Chrome OS Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.