Message-ID: <CAGagf4d4A8ZN2hVDDUFge78D_AZKFwkh6ZCV9faEZe=DO_fwKQ@mail.gmail.com>
Date: Mon, 9 Nov 2015 14:11:35 -0500
From: Theodore Tso <tytso@...gle.com>
To: Jason Cooper <kernel-hardening@...edaemon.net>
Cc: kernel-hardening@...ts.openwall.com, Emese Revfy <re.emese@...il.com>,
Kees Cook <keescook@...omium.org>, PaX Team <pageexec@...email.hu>,
Brad Spengler <spender@...ecurity.net>, Greg KH <gregkh@...uxfoundation.org>,
Josh Triplett <josh@...htriplett.org>
Subject: Re: Re: Proposal for kernel self protection features
On Mon, Nov 9, 2015 at 2:02 PM, Jason Cooper <kernel-hardening@...edaemon.net> wrote:
> /var/lib/misc/random-seed has served that role for years, I'm only
> advocating loading it earlier in the boot process. It's *much* harder
> to guess the state of random-seed than the dtb or mac address(es)...
>
If the bootloader is willing to reach into the file system, which means (a)
having a minimal file system layer, like Grub does, and (b) being able to find the
block device where the file is found, that's a perfectly *fine*
implementation. I'm not sure mobile handset vendors will be all that
psyched into either using or replicating all of Grub's functionality so it
could do that, though....
-- Ted