From: Daniel Micay <danielmicay@gmail.com>
To: kernel-hardening@lists.openwall.com
Subject: Re: [kernel-hardening] Introduction
Date: Thu, 17 Dec 2015 19:48:58 -0500 [thread overview]
Message-ID: <1450399738.3054.10.camel@gmail.com> (raw)
In-Reply-To: <CAGXu5j+mTVrtDXbGtF=-nyAxnTe2YDL4PyUnJw+vfXX_ZVzwxg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2250 bytes --]
On Thu, 2015-12-17 at 16:36 -0800, Kees Cook wrote:
> On Thu, Dec 17, 2015 at 3:34 PM, Leibowitz, Michael
> <michael.leibowitz@intel.com> wrote:
> > I work in Intel's Open Source Technology center, along with my
> > colleague, Elena Reshetova. I'm reasonably new real-life kernel
> > development, having previously just mucked about. Otherwise, I'm a
> > long-time open source/security trouble maker.
>
> Hi! Welcome! :)
>
> > I'm Interested in working on struct randomization ala RANDSTRUCT.
> > Does this seem like a suitable task?
>
> I certainly wouldn't turn it down, but I would observe that it has
> some limited utility to users of the kernel that produce binary
> builds. e.g. all the given builds of Ubuntu with RANDSTRUCT would be
> the same (though the next released version would see a different
> randomization, etc). It also complicates externally built modules. I
> see it depends on HIDESYM, though, which in turn depends on
> PAX_USERCOPY, so it would be much weaker without these two finished
> first.
>
> All that said, it might still be an interesting piece to extract. It
> would make automated cross-distro or cross-version attacks much more
> difficult to mount and has in the past exposed some bugs. (e.g.
> missing container_of() uses, etc.)
AFAIK spender was planning on implementing stack frame layout
randomization too (not sure if it's done yet) and that wouldn't have the
same ABI implications. They could be offered separately.
LLVM also has some code diversity stuff in progress like randomizing instruction scheduling to an extent (can at least determine any of the arbitrary decisions with random choices), and it would make sense for GCC too.
It can be more useful for builds distributions as binaries than it
seems. Making 256 or more builds with the tarballs padded out to the
same size and distributing them via encryption connections wouldn't be
difficult. It would be more difficult to implement for Android and
ChromeOS since they use delta updates but it could be done by having a
bunch of different release channels for each device. It might really
screw up delta updates if it's used across the system though, but the
kernel alone wouldn't be that bad.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-12-18 0:48 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-17 23:34 [kernel-hardening] Introduction Leibowitz, Michael
2015-12-18 0:36 ` Kees Cook
2015-12-18 0:48 ` Daniel Micay [this message]
2015-12-18 16:54 ` Schaufler, Casey
2015-12-18 21:11 ` Kees Cook
2015-12-18 1:00 ` Solar Designer
2015-12-18 2:42 ` David Windsor
-- strict thread matches above, loose matches on Subject: below --
2017-01-12 15:06 park jinbum
2017-01-12 16:06 ` Mark Rutland
2017-01-13 8:23 ` AKASHI, Takahiro
2017-01-13 17:54 ` Kees Cook
2017-01-13 18:51 ` PaX Team
2017-01-13 19:06 ` Kees Cook
2017-01-13 19:26 ` Kees Cook
2017-01-13 20:38 ` Kees Cook
2017-01-13 23:09 ` PaX Team
2017-01-13 23:15 ` Kees Cook
2017-01-14 10:10 ` PaX Team
2017-01-17 17:32 ` Kees Cook
2017-01-17 18:43 ` PaX Team
2017-01-13 20:35 ` PaX Team
2017-01-13 21:57 ` Daniel Micay
2017-01-13 22:04 ` Kees Cook
2017-01-24 0:06 Jessica Frazelle
2017-01-25 19:37 ` Kees Cook
2017-01-26 4:12 ` Jessica Frazelle
2017-01-26 21:42 ` Kees Cook
2017-01-27 19:14 ` Jessica Frazelle
2017-01-30 20:02 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1450399738.3054.10.camel@gmail.com \
--to=danielmicay@gmail.com \
--cc=kernel-hardening@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.