Message-ID: <CAGXu5jKy91CVe7KeeVedEHteZRv8h7o_gF7GEVCz7D=RCj+9qg@mail.gmail.com>
Date: Thu, 21 Apr 2016 13:37:03 -0700
From: Kees Cook <keescook@...omium.org>
To: David Windsor <dave@...gbits.org>
Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: [RFC PATCH v2 00/12] Add PAX_REFCOUNT overflow protection

Hi David,

On Thu, Feb 4, 2016 at 10:19 AM, Kees Cook <keescook@...omium.org> wrote:
> On Tue, Feb 2, 2016 at 3:33 AM, David Windsor <dave@...gbits.org> wrote:
>> FYI, I now have time to work on this again.
>>
>> Currently, I'm rebasing v2 atop linux-next.  I've already incorporated
>> the following changes suggested during the on-list review of v2:
>>
>> * s/PAX_REFCOUNT/STRICT_REFCOUNT
>> * Reordering the patchset in a more sane manner (per Greg KH)
>> * Creation of the "Kernel Hardening" menu in Kconfig
>> * Creation of per-architecture Kconfig option for opting in to STRICT_REFCOUNT
>> * Whitespace fixes
>>
>> v3 is forthcoming and will be posted here as soon as I have the
>> patchset rebased to linux-next.
>
> Thanks for the update!
>
> It may be helpful to mention in the changelog the two recent refcount
> overflow bugs that would have been stopped by this mitigation:
>
> CVE-2014-2851 https://cyseclabs.com/page?n=02012016
> CVE-2016-0728 http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/

Any news on a v3 series? I'd love to see what you've got so far.

Thanks!

-Kees

-- 
Kees Cook
Chrome OS & Brillo Security
