Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAGXu5j+pt1x9AntHM3Z4O8V=5-So0tWj=9aoJ-kP1q0p3-s=Vw@mail.gmail.com>
Date: Thu, 17 Dec 2015 12:25:40 -0800
From: Kees Cook <keescook@...omium.org>
To: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: Introduction and task request

On Wed, Dec 16, 2015 at 1:34 AM, Reshetova, Elena
<elena.reshetova@...el.com> wrote:
> Hi everyone,
>
>
> I would like to introduce myself: I am part of Intel Open Source Technology
> Security team and I got lucky enough to have part of my time now allocated
> to this project now, so I am happy to start helping.

Hi! Welcome to the project! :)

> What would be the reasonable task for me to do?

I always suggest people work on stuff that interests them. Do you have
any specific areas you like working on, or exploits you'd like to see
stopped?

> I am quite a newbie in proper kernel development work (but not a newbie in
> platform security), so please as initial task do not through to me the
> biggest dead animal out there with the task to revive it.

Heh, understood. We'll be happy to assist you through whatever parts
you might want help with.

> It is going to be a learning exercise for me at least at the beginning, but
> I am hoping to learn fast and start bringing value to the project.

I had mentioned PAX_USERCOPY earlier. I'm not sure how much work
that'll be, but extracting it would be the first step, and you can go
from there. There's no one actively working on it at the moment, and
it would be very nice to have.

There's also the need to improve the kernel's module loader to segment
memory into rx, ro, and rw, in support of the __ro_after_init work. I
or Emese will likely get around to that, but it can probably be done
in parallel.

Or perhaps looking into the prior BPF_HARDEN work (currently this just
disables eBPF, but it used to try to defend against trivial
heap-sprays).

Thanks for joining! :)

-Kees

-- 
Kees Cook
Chrome OS & Brillo Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.