Message-ID: <CAGXu5jKfe8=wmL6VFqFB8jR2pzS9EWp7Mwrt4XAEYbWcjLdjnQ@mail.gmail.com>
Date: Thu, 4 Feb 2016 10:19:55 -0800
From: Kees Cook <keescook@...omium.org>
To: David Windsor <dave@...gbits.org>
Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: [RFC PATCH v2 00/12] Add PAX_REFCOUNT overflow protection

On Tue, Feb 2, 2016 at 3:33 AM, David Windsor <dave@...gbits.org> wrote:
> FYI, I now have time to work on this again.
>
> Currently, I'm rebasing v2 atop linux-next.  I've already incorporated
> the following changes suggested during the on-list review of v2:
>
> * s/PAX_REFCOUNT/STRICT_REFCOUNT
> * Reordering the patchset in a more sane manner (per Greg KH)
> * Creation of the "Kernel Hardening" menu in Kconfig
> * Creation of per-architecture Kconfig option for opting in to STRICT_REFCOUNT
> * Whitespace fixes
>
> v3 is forthcoming and will be posted here as soon as I have the
> patchset rebased to linux-next.

Thanks for the update!

It may be helpful to mention in the changelog the two recent refcount
overflow bugs that would have been stopped by this mitigation:

CVE-2014-2851 https://cyseclabs.com/page?n=02012016
CVE-2016-0728 http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/

-Kees

-- 
Kees Cook
Chrome OS & Brillo Security
