Date:   Wed, 20 Sep 2017 17:03:29 +0200
From:   Solar Designer <solar@...nwall.com>
To:     Yann Droneaud <ydroneaud@...eya.com>
Cc:     riel@...hat.com, linux-kernel@...r.kernel.org,
        danielmicay@...il.com, tytso@....edu, keescook@...omium.org,
        hpa@...or.com, luto@...capital.net, mingo@...nel.org,
        x86@...nel.org, linux-arm-kernel@...ts.infradead.org,
        catalin.marinas@....com, linux-sh@...r.kernel.org,
        ysato@...rs.sourceforge.jp, kernel-hardening@...ts.openwall.com
Subject: Re: [kernel-hardening] [PATCH v2 0/5] stackprotector: ascii armor the stack canary

On Wed, Sep 20, 2017 at 01:18:04PM +0200, Yann Droneaud wrote:
> On Tuesday, 19 September 2017 at 19:16 +0200, Solar Designer wrote:
> >
> > We could put/require a NUL in the middle of the canary,
> > but with the full canary being only 64-bit at most that would also
> > make some attacks easier.
> 
> Are you suggesting to randomly select which byte to set to 0 in each
> canary?

Definitely not.  That's only 8 different possibilities per canary, and
the weakest one will affect exploitability in each scenario.  So that
would be a fairly clear change for the worse.

I suggest that we make no further changes at this time, unless someone
comes up with an idea that would clearly hurt exploitation more than it
helps exploitation, overall across different scenarios.

Alexander
