lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20101106182852.GC5327@outflux.net>
Date:	Sat, 6 Nov 2010 11:28:52 -0700
From:	Kees Cook <kees.cook@...onical.com>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	"H. Peter Anvin" <hpa@...or.com>,
	Siarhei Liakh <sliakh.lkml@...il.com>,
	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, linux-next@...r.kernel.org,
	Arjan van de Ven <arjan@...radead.org>,
	James Morris <jmorris@...ei.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andi Kleen <ak@....de>, Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...e.hu>,
	Stephen Rothwell <sfr@...b.auug.org.au>,
	Dave Jones <davej@...hat.com>
Subject: RO/NX protection for loadable kernel modules

Peter, anyone? What is the state of this? I can see it in the tip tree,
but it doesn't appear associated with a branch. What will it take to
get this into Linus's tree?

http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git;a=commitdiff;h=65187d24fa3ef60f691f847c792e8eaca7e19251

This feature is needed before the function-pointer const-ification patches
will really have any meaning.

Thanks,

-Kees

On Tue, Oct 19, 2010 at 09:45:39PM -0700, Kees Cook wrote:
> On Mon, Feb 08, 2010 at 11:59:44AM +1030, Rusty Russell wrote:
> > On Tue, 2 Feb 2010 04:36:49 pm H. Peter Anvin wrote:
> > > On 02/01/2010 07:59 PM, Rusty Russell wrote:
> > > > On Tue, 2 Feb 2010 10:09:53 am Siarhei Liakh wrote:
> > > >> This patch is a logical extension of the protection provided by
> > > >> CONFIG_DEBUG_RODATA to LKMs. The protection is provided by splitting
> > > >> module_core and module_init into three logical parts each and setting
> > > >> appropriate page access permissions for each individual section:
> > > >>
> > > >>   1. Code: RO+X
> > > >>   2. RO data: RO+NX
> > > >>   3. RW data: RW+NX
> > > >
> > > > Thanks, applied!
> > > 
> > > I also applied this to the -tip tree... do you prefer to carry it or 
> > > should I leave it as is?
> > 
> > I'm always happy for you to do my work for me!  There are no other module
> > patches likely to conflict.
> > 
> > Acked-by: Rusty Russell <rusty@...tcorp.com.au>
> 
> Sorry for losing track, but where did this patch end up? I don't see it
> in any of the trees I've looked in.

-- 
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ