From: Quentin Casasnovas <quentin.casasnovas@oracle.com>
To: kernel-hardening@lists.openwall.com
Subject: [kernel-hardening] Re: Kernel Self Protection Project
Date: Sat, 7 Nov 2015 09:52:29 +0000 (UTC)
Message-ID: <n1khkt$lc7$1@ger.gmane.org>
In-Reply-To: CAGXu5j+ponF+a3aoCnLqEVfBy545BsxT4w=8KGikNCb_24ZgyQ@mail.gmail.com
On 2015-11-06, Kees Cook <keescook@chromium.org> wrote:
> On Fri, Nov 6, 2015 at 8:00 AM, Quentin Casasnovas
><quentin.casasnovas@oracle.com> wrote:
>>>
>>> For now, I'm going to focus on taking a look at the PAX_SIZE_OVERFLOW
>>> gcc plugin, which will also get us the gcc plugin infrastructure.
>>> Other people, please speak up on what you'd like to tackle.
>>>
>>
>> Not that it's complex but I already have a branch with the gcc plugin
>> infrastructure split up if you're interested and you reckon that can save
>> you some time.
>
> Sure, what's the URL?
>
I've pushed the three of them onto:

  https://github.com/casasnovas/linux/commits/quentin-spk-gcc-plugin

It lacks Documentation for now, but you can have a look at the branch
quentin-fuzz-gccplugin which adds an instrumentation plugin (converted from
the gcc patch[1] Dmitry Vyukov wrote for syzkaller[2]).

Adding a plugin should be simple: add its name to $(HOSTLIBS)-y, and use
the regular kbuild system way to specify from which source files it is
built, CFLAGS, etc.

  $(HOSTLIBS)-y = foo.so
  foo-objs = foo.c bar.c

And then to have some compilation units be compiled using foo.so, they
just need the following in their CFLAGS:

  -fplugin=$(objtree)/path/to/foo.so

[1] https://codereview.appspot.com/267910043
[2] https://github.com/google/syzkaller

All of this is taken from the grsecurity/PaX Team patchset.
>
> I actually think that just splitting out features might be a good
> first step all around. Most folks aren't very familiar with the
> PaX/Grsec patches, and they, in their monolithic nature, can be hard
> to understand. Many depend on each other, but some are separable.
>
Agreed, that should be a required step before people can review.
> I'm also hoping Emese Revfy[1] might be interested in driving
> PAX_SIZE_OVERFLOW too, which would be terrific, since she's way more
> qualified than me to do it. /me awaits emails. :)
>
> -Kees
>
> [1] https://github.com/ephox-gcc-plugins/size_overflow
>
Quentin