From: Solar Designer <solar@openwall.com>
To: kernel-hardening@lists.openwall.com
Subject: Re: [kernel-hardening] Introduction
Date: Fri, 18 Dec 2015 04:00:03 +0300 [thread overview]
Message-ID: <20151218010003.GA19179@openwall.com> (raw)
In-Reply-To: <CAGXu5j+mTVrtDXbGtF=-nyAxnTe2YDL4PyUnJw+vfXX_ZVzwxg@mail.gmail.com>
On Thu, Dec 17, 2015 at 04:36:21PM -0800, Kees Cook wrote:
> On Thu, Dec 17, 2015 at 3:34 PM, Leibowitz, Michael wrote:
> > I'm Interested in working on struct randomization ala RANDSTRUCT.
> > Does this seem like a suitable task?
>
> I certainly wouldn't turn it down, but I would observe that it has
> some limited utility to users of the kernel that produce binary
> builds. e.g. all the given builds of Ubuntu with RANDSTRUCT would be
> the same (though the next released version would see a different
> randomization, etc).
OTOH, it allows for a randomized-kernel-builds-as-a-service model, which
IIRC is something grsecurity was/is offering. If the feature is
upstream'ed, perhaps there will be more setups of this sort, including
within a handful of organizations for their own use.
So I am in favor of Michael working on this feature.
> Since there's no hardening tree yet, there's no maintainer, but since
> I'm trying to drive the kernel self-protection project here, I'll
> self-nominate myself as "hardening maintainer", FWIW. ;)
I appreciate your effort on this, Kees!
Alexander
next prev parent reply other threads:[~2015-12-18 1:00 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-17 23:34 [kernel-hardening] Introduction Leibowitz, Michael
2015-12-18 0:36 ` Kees Cook
2015-12-18 0:48 ` Daniel Micay
2015-12-18 16:54 ` Schaufler, Casey
2015-12-18 21:11 ` Kees Cook
2015-12-18 1:00 ` Solar Designer [this message]
2015-12-18 2:42 ` David Windsor
-- strict thread matches above, loose matches on Subject: below --
2017-01-12 15:06 park jinbum
2017-01-12 16:06 ` Mark Rutland
2017-01-13 8:23 ` AKASHI, Takahiro
2017-01-13 17:54 ` Kees Cook
2017-01-13 18:51 ` PaX Team
2017-01-13 19:06 ` Kees Cook
2017-01-13 19:26 ` Kees Cook
2017-01-13 20:38 ` Kees Cook
2017-01-13 23:09 ` PaX Team
2017-01-13 23:15 ` Kees Cook
2017-01-14 10:10 ` PaX Team
2017-01-17 17:32 ` Kees Cook
2017-01-17 18:43 ` PaX Team
2017-01-13 20:35 ` PaX Team
2017-01-13 21:57 ` Daniel Micay
2017-01-13 22:04 ` Kees Cook
2017-01-24 0:06 Jessica Frazelle
2017-01-25 19:37 ` Kees Cook
2017-01-26 4:12 ` Jessica Frazelle
2017-01-26 21:42 ` Kees Cook
2017-01-27 19:14 ` Jessica Frazelle
2017-01-30 20:02 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151218010003.GA19179@openwall.com \
--to=solar@openwall.com \
--cc=kernel-hardening@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.