Date: Thu, 6 Apr 2017 15:51:30 -0700
From: Kees Cook <>
To: Rik van Riel <>
Cc: James Morris <>, 
	"" <>, 
	Michael Leibowitz <>
Subject: Re: [PATCH 00/18] Introduce struct layout
 randomization plugin

On Thu, Apr 6, 2017 at 3:32 PM, Rik van Riel <> wrote:
> On Fri, 2017-04-07 at 07:54 +1000, James Morris wrote:
>> On Thu, 6 Apr 2017, Kees Cook wrote:
>> > third party kernel module builds), it still has some value there since
>> > now all kernel builds would need to be tracked by an attacker.
>> I don't see this case as providing any value.  Tracking a bunch of known
>> seed values seems like a pretty low bar for an attacker.
> I agree this is not likely to provide much value for users
> of distribution kernels.
> One possible exception might be if Google started distributing
> dozens, or hundreds, of kernel variants randomly to users of
> Nexus devices, and nobody knew which variant each device was
> running.

Right, or in the distribution case, rebuilding distro kernels instead
of using the binary packages.


Kees Cook
Pixel Security
