Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAGXu5jJBmKiDnhV26kEZyCf+TGWnpMOvSjiYaUr1U6z0FLPJHg@mail.gmail.com>
Date: Mon, 12 Feb 2018 15:01:39 -0800
From: Kees Cook <keescook@...omium.org>
To: Ahmed Soliman <ahmedsoliman0x666@...il.com>
Cc: kernel-hardening@...ts.openwall.com, 
	Ard Biesheuvel <ard.biesheuvel@...aro.org>
Subject: Re: Hello world! Student interested in getting involved.

On Sat, Feb 10, 2018 at 11:18 AM, Ahmed Soliman
<ahmedsoliman0x666@...il.com> wrote:
> I am student, currently studying computer and communication engineering, My
> relevant academic background is undergraduate level courses in operating
> systems, system software, compiler theory, architecture, microprocessors.
> Well most of which are outdated stuff anyway but I have some ideas. My real

Welcome to the list!

> background comes from Playing CTFs in my free time (which is basically 24/7)
> doing mainly Reverse engineering and Binary exploitation, I have done 2~3
> hello world kernel exploit dev for learning. so I have the basic knowledge,

Excellent; CTFs can be extremely educational. There aren't enough
kernel CTFs, IMO. :)

> And I use hand tweaked Gentoo! I have 1 documentation kernel patch \o/.

Hey, that's a good place to start! What was fixed?

> I am exploiting the fact that we shall be doing Software Engineering course
> This semester, so to enforce myself to get started developing for the
> kernel, I was guided here though long searching journey with #kernelnewbies
> and approaching many couple of maintainers in general.
>
> I always experienced people asking me even on kernelnewbies why I want to
> write stuff for kernel, well it is just for pure fun and I like doing almost
> low level security. And low level security requires being aware with kernel.
> Please just don't try to send me off. And I hope no one gets the wrong idea
> that I am only doing this for school.

You've got the primary element: desire to work on it. :) There aren't
a lot of people interested in low level code, and even fewer
interested in security, so we'd love to help however we can.

> Anyway I am interested in this implementing KASLR for ARM, I just wanted to
> make sure that no one is working on that because this is major school
> requirement, we are assumed to deliver a self contained "something" that
> isn't ours and not someone's else.

Ard (now on CC) implemented a first-pass at this already, but it
likely needs some more tweaking and running down of any loose ends.

See here:
http://www.openwall.com/lists/kernel-hardening/2017/08/14/2

> The reason I chose this one is that I think that is the only one that I
> understand (in a very abstract level) among all of them. so it should be the
> easiest way to kick start in my opinion.
> Assuming that I am right, I wanted to state that the only ARM32 hardware I
> own is raspberry pi zero, and Qemu of course, should that be enough please
> do let me know, and I would appreciate any reading materials provided I am
> already reading through wiki but there could be hidden gems that I missed.

I'll let Ard take over; but between Qemu and real hardware you should
be set. One of the tricky parts of arm32 is how many earlier CPU types
there were, which can make some aspects more difficult to test. In the
worst case, you can just mark it as available on certain hardware.

> Also what directories that I should start exploring, this is extremely
> important for me. I was past google summer of code student. And the best
> assistance my mentors ever provided me is the folder or code files that
> Should play with.

This tends to be very interest-specific. For example, if you're
looking at memory layouts, arch/*/mm/ tends to be the place to look.
If you interested in ELF execution, that'd be kernel/fork.c and
fs/binfmt_elf.c. Usercopy hardening is include/linux/uaccess.h,
mm/usercopy.c, and arch/*/include/asm/uaccess.h, etc.

-Kees

-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.