Message-ID: <CAGXu5j+Fwa8kP7Lb+wcg=z1ovvpxHCr2UoOzOx0dTVXbKeeB4A@mail.gmail.com>
Date: Tue, 18 Oct 2016 14:21:21 -0700
From: Kees Cook <keescook@...omium.org>
To: Gengjia Chen <chengjia4574@...il.com>
Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
    Juerg Haefliger <juerg.haefliger@....com>
Subject: Re: self introduction

On Tue, Oct 18, 2016 at 4:52 AM, Gengjia Chen <chengjia4574@...il.com> wrote:
>> >2016-10-18 4:15 GMT+08:00 Kees Cook <keescook@...omium.org>:
>> >The ARM open/close depends on their use of Domains. For upstream,
>> >you'd have to examine how Domains are being used (which seems
>> >different to me).
>>
>> So, I will try to start to port pax_open_kernel/pax_close_kernel
>> arm-specific features to upstream, and keep you in touch.

Cool, feel free to post RFC patches even if they're not totally finished. :)

>> >The other work is building the in-kernel
>> >infrastructure to support write-rarely memory (likely a new section,
>> >like ro_after_init, etc).
>> >
>>
>> It seems that the constify plugin has still not been ported to the latest
>> code (v4.9-rc1).
>> If I understand, you mean that a new section should be added
>> to the upstream, and cooperate with the future constify plugin (the
>> plugin automatically puts those objects in that section)?

It hasn't been forward-ported, no, but building out the infrastructure
to support it in upstream will be needed regardless. In PaX, the
section is called .data..read_only, but I suspect that will turn out
to be a confusing name, since it's actually "write-rarely", but lives
in the .rodata section, and the open/close implementation will be used
to write to it.

The constify plugin actually moves variables into the .rodata section,
so not only does any code writing to such things need to be wrapped in
open/close calls, but the C compiler needs to be tricked into
generating sensible code (see PaX's const_cast() macro).

-Kees

--
Kees Cook
Nexus Security
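
The open/write/close pattern described in the reply above, as an added userspace analogy that is not part of the original message and is not kernel or PaX code. It assumes Linux with glibc; mprotect() stands in for the open/close implementation, and struct policy, wr_open, wr_close, wr_init, wr_set_enforce, wr_get_enforce and wr_is_sealed are hypothetical names.

```c
/* Added example: userspace analogy of write-rarely data, not kernel or PaX code. */
#define _DEFAULT_SOURCE 1                 /* MAP_ANONYMOUS on glibc */
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

struct policy { int enforce; };          /* hypothetical write-rarely object */
static const struct policy *wr_policy;   /* readers only get a const view */
static size_t wr_len;

/* Hypothetical stand-ins for the open/close pair: flip the page permissions. */
static int wr_open(void)  { return mprotect((void *)wr_policy, wr_len, PROT_READ | PROT_WRITE); }
static int wr_close(void) { return mprotect((void *)wr_policy, wr_len, PROT_READ); }

/* Map one page, initialise the object, then seal the page read-only. */
int wr_init(int enforce) {
    wr_len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, wr_len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    ((struct policy *)p)->enforce = enforce;
    wr_policy = p;
    return wr_close();
}

/* The rare update: open, store through a pointer with const cast away, close. */
int wr_set_enforce(int v) {
    if (wr_open() != 0) return -1;
    ((volatile struct policy *)wr_policy)->enforce = v;
    return wr_close();
}

int wr_get_enforce(void) { return wr_policy->enforce; }

/* Probe without crashing: read() into spare page space fails with EFAULT if sealed. */
int wr_is_sealed(void) {
    int fds[2]; char b = 0;
    if (pipe(fds) != 0 || write(fds[1], &b, 1) != 1) return -1;
    ssize_t r = read(fds[0], (char *)wr_policy + sizeof(struct policy), 1);
    int sealed = (r == -1 && errno == EFAULT);
    close(fds[0]); close(fds[1]);
    return sealed;
}

int main(void) {
    if (wr_init(1) != 0 || wr_set_enforce(0) != 0) return 1;
    printf("enforce=%d sealed=%d\n", wr_get_enforce(), wr_is_sealed());
    return 0;
}
```

Any store to the object outside wr_set_enforce() faults, which is the property the write-rarely section is meant to give kernel data.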