kernel-hardening - Re: [PATCH 00/18] Introduce struct layout randomization plugin

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <1491517947.8850.162.camel@redhat.com>
Date: Thu, 06 Apr 2017 18:32:27 -0400
From: Rik van Riel <riel@...hat.com>
To: James Morris <jmorris@...ei.org>, Kees Cook <keescook@...omium.org>
Cc: kernel-hardening@...ts.openwall.com, Michael Leibowitz
	 <michael.leibowitz@...el.com>
Subject: Re: [PATCH 00/18] Introduce struct layout
 randomization plugin

On Fri, 2017-04-07 at 07:54 +1000, James Morris wrote:
> On Thu, 6 Apr 2017, Kees Cook wrote:
> 
> > third party kernel module builds), it still has some value there
> > since
> > now all kernel builds would need to be tracked by an attacker.
> 
> I don't see this case as providing any value.  Tracking a bunch of
> known 
> seed values seems like a pretty low bar for an attacker.

I agree this is not likely to provide much value for users
of distribution kernels.

One possible exception might be if Google started distributing
dozens, or hundreds, of kernel variants randomly to users of
Nexus devices, and nobody knew which variant each device was
running.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.