Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAGXu5jK17eGgHnpP2CEvhH5BEOZ+1tKS4eSkLfXFL7VrG=r4pg@mail.gmail.com>
Date: Tue, 17 Nov 2015 09:30:21 -0800
From: Kees Cook <keescook@...omium.org>
To: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: 

On Tue, Nov 17, 2015 at 12:09 AM, Daniel Micay <danielmicay@...il.com> wrote:
>> AOSP isn't enough, and even if people did submit them there, I would
>> be one of the AOSP reviewers asking that they be upstreamed instead.
>> ;)
>
> Sure, but it's a way to proving to upstream that the features are useful
> and work well. For example, lets say x86 Android adopted the
> segmentation-based KERNEXEC/UDEREF. Lets say it actually shipped in the
> next version of Android. I am pretty sure Linus would change his
> attitude towards it. You're not going to convince him by words rather
> than actions though. Not that improving Linux on a dying architecture
> should be the priority, but it's a good example.

Right, that's absolutely a potential path to keep open. It's
effectively what happened to things like Binder. Each piece is going
to be a little different. UDEREF is (politically still) a hard sell on
x86, but arm now has CONFIG_CPU_SW_DOMAIN_PAN that covers a fair bit
of non-LPAE-arm UDEREF. (I await spender's flames now...)

So, the more we split out and test, the better. :)

-Kees

-- 
Kees Cook
Chrome OS Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.