ksummit.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Matthew Wilcox <willy6545@gmail.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Josh Armour <jarmour@google.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	ksummit-discuss@lists.linuxfoundation.org
Subject: Re: [Ksummit-discuss] security-related TODO items?
Date: Fri, 20 Jan 2017 20:10:40 -0500	[thread overview]
Message-ID: <CAFhKne_PFCKp_cAUfjYtaf=OG_Ya4RYY3Om_NWDHmcVZmqL47Q@mail.gmail.com> (raw)
In-Reply-To: <CALCETrVKDAzcS62wTjDOGuRUNec_a-=8iEa7QQ62V83Ce2nk=A@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2319 bytes --]

[I swear Gmail used to have a "reply inline" option in the app]

Maybe we really want a "call this kernel function with user privilege"
ability? Such a function would be able to access only user space memory
(via get_user/...) and its own stack (all hail vmap).

All the compat code would benefit, and maybe some upper layers of ioctl
handling. Perhaps some of the filesystem parsing code would do well in this
kind of constrained environment, but it might need access to so much other
stuff we'd end up diluting the utility.

On Jan 20, 2017 19:23, "Andy Lutomirski" <luto@amacapital.net> wrote:

This is not easy at all, but: how about rewriting execve() so that the
actual binary format parsers run in user mode?

A minor one for x86: give binaries a way to opt out of the x86_64
vsyscall page.  I already did the hard part (in a branch), so all
that's really left is figuring out the ABI.

On Fri, Jan 20, 2017 at 2:38 PM, Kees Cook <keescook@chromium.org> wrote:
> Hi,
>
> I've already got various Kernel Self-Protection Project TODO items
> collected[1] (of varying size and complexity), but recently Google's
> Patch Reward Program[2] is trying to expand by helping create a bounty
> program for security-related TODOs. KSPP is just one corner of
> interest in the kernel, and I'd love to know if any other maintainers
> have TODO items that they'd like to see get done (and Google would
> potentially provide bounty money for).
>
> Let me know your security wish-lists, and I'll collect them all into a
> single place. And if there is a better place than ksummit-discuss to
> reach maintainers, I'm all ears. LKML tends to mostly just serve as a
> public archive. :)
>
> Thanks!
>
> -Kees
>
> [1] http://kernsec.org/wiki/index.php/Kernel_Self_Protection_
Project#Specific_TODO_Items
> [2] https://www.google.com/about/appsecurity/patch-rewards/
>
> --
> Kees Cook
> Nexus Security
> _______________________________________________
> Ksummit-discuss mailing list
> Ksummit-discuss@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/ksummit-discuss



--
Andy Lutomirski
AMA Capital Management, LLC
_______________________________________________
Ksummit-discuss mailing list
Ksummit-discuss@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/ksummit-discuss

[-- Attachment #2: Type: text/html, Size: 3872 bytes --]

  parent reply	other threads:[~2017-01-21  1:10 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-20 22:38 Kees Cook
2017-01-21  0:14 ` Andy Lutomirski
2017-01-21  0:26   ` Kees Cook
2017-01-21  1:10   ` Matthew Wilcox [this message]
2017-01-21  1:47   ` Josh Triplett
2017-01-23 10:02 ` Alexey Dobriyan
2017-01-23 10:48 ` David Howells
2017-01-23 20:10   ` Andy Lutomirski
     [not found]     ` <c1822e5b-9352-c1ab-ee98-e492ef6e156a@I-love.SAKURA.ne.jp>
2017-01-24 20:58       ` Andy Lutomirski
2017-01-23 20:36   ` David Howells
2017-01-23 20:59     ` Matthew Wilcox
2017-01-23 21:53       ` Andy Lutomirski
2017-01-23 23:26     ` Greg Ungerer
2017-01-23 20:15 ` Christoph Hellwig
2017-01-24  2:38 ` Andy Lutomirski
2017-01-24 10:03   ` Eric W. Biederman
2017-01-24 21:00     ` Andy Lutomirski
2017-01-24 21:55       ` Eric W. Biederman
2017-01-24 10:38   ` Alexey Dobriyan
     [not found]   ` <CAEiveUcTQK84qFNpYoET-cpSXJe0KYtnYQtp0uTPz=z0tc3W9A@mail.gmail.com>
2017-03-07 16:25     ` Andy Lutomirski
2017-02-02 21:12 ` David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAFhKne_PFCKp_cAUfjYtaf=OG_Ya4RYY3Om_NWDHmcVZmqL47Q@mail.gmail.com' \
    --to=willy6545@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=jarmour@google.com \
    --cc=ksummit-discuss@lists.linuxfoundation.org \
    --cc=luto@amacapital.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox