From: Andy Lutomirski <luto@amacapital.net>
To: Kees Cook <keescook@chromium.org>
Cc: Josh Armour <jarmour@google.com>,
Greg KH <gregkh@linuxfoundation.org>,
"ksummit-discuss@lists.linuxfoundation.org"
<ksummit-discuss@lists.linuxfoundation.org>
Subject: Re: [Ksummit-discuss] security-related TODO items?
Date: Fri, 20 Jan 2017 16:14:25 -0800 [thread overview]
Message-ID: <CALCETrVKDAzcS62wTjDOGuRUNec_a-=8iEa7QQ62V83Ce2nk=A@mail.gmail.com> (raw)
In-Reply-To: <CAGXu5j+nVMPk3TTxLr3_6Y=5vNM0=aD+13JM_Q5POts9M7kzuw@mail.gmail.com>
This is not easy at all, but: how about rewriting execve() so that the
actual binary format parsers run in user mode?
A minor one for x86: give binaries a way to opt out of the x86_64
vsyscall page. I already did the hard part (in a branch), so all
that's really left is figuring out the ABI.
On Fri, Jan 20, 2017 at 2:38 PM, Kees Cook <keescook@chromium.org> wrote:
> Hi,
>
> I've already got various Kernel Self-Protection Project TODO items
> collected[1] (of varying size and complexity), but recently Google's
> Patch Reward Program[2] is trying to expand by helping create a bounty
> program for security-related TODOs. KSPP is just one corner of
> interest in the kernel, and I'd love to know if any other maintainers
> have TODO items that they'd like to see get done (and Google would
> potentially provide bounty money for).
>
> Let me know your security wish-lists, and I'll collect them all into a
> single place. And if there is a better place than ksummit-discuss to
> reach maintainers, I'm all ears. LKML tends to mostly just serve as a
> public archive. :)
>
> Thanks!
>
> -Kees
>
> [1] http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project#Specific_TODO_Items
> [2] https://www.google.com/about/appsecurity/patch-rewards/
>
> --
> Kees Cook
> Nexus Security
> _______________________________________________
> Ksummit-discuss mailing list
> Ksummit-discuss@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/ksummit-discuss
--
Andy Lutomirski
AMA Capital Management, LLC
next prev parent reply other threads:[~2017-01-21 0:14 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-20 22:38 Kees Cook
2017-01-21 0:14 ` Andy Lutomirski [this message]
2017-01-21 0:26 ` Kees Cook
2017-01-21 1:10 ` Matthew Wilcox
2017-01-21 1:47 ` Josh Triplett
2017-01-23 10:02 ` Alexey Dobriyan
2017-01-23 10:48 ` David Howells
2017-01-23 20:10 ` Andy Lutomirski
[not found] ` <c1822e5b-9352-c1ab-ee98-e492ef6e156a@I-love.SAKURA.ne.jp>
2017-01-24 20:58 ` Andy Lutomirski
2017-01-23 20:36 ` David Howells
2017-01-23 20:59 ` Matthew Wilcox
2017-01-23 21:53 ` Andy Lutomirski
2017-01-23 23:26 ` Greg Ungerer
2017-01-23 20:15 ` Christoph Hellwig
2017-01-24 2:38 ` Andy Lutomirski
2017-01-24 10:03 ` Eric W. Biederman
2017-01-24 21:00 ` Andy Lutomirski
2017-01-24 21:55 ` Eric W. Biederman
2017-01-24 10:38 ` Alexey Dobriyan
[not found] ` <CAEiveUcTQK84qFNpYoET-cpSXJe0KYtnYQtp0uTPz=z0tc3W9A@mail.gmail.com>
2017-03-07 16:25 ` Andy Lutomirski
2017-02-02 21:12 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALCETrVKDAzcS62wTjDOGuRUNec_a-=8iEa7QQ62V83Ce2nk=A@mail.gmail.com' \
--to=luto@amacapital.net \
--cc=gregkh@linuxfoundation.org \
--cc=jarmour@google.com \
--cc=keescook@chromium.org \
--cc=ksummit-discuss@lists.linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox