| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Jul 2013 20:04:44 -0400 From: Dave Jones <davej@...hat.com> To: Aaro Koskinen <aaro.koskinen@....fi> Cc: Kees Cook <keescook@...omium.org>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, ksummit-2013-discuss@...ts.linuxfoundation.org, LKML <linux-kernel@...r.kernel.org> Subject: Re: [Ksummit-2013-discuss] [ARM ATTEND] catching up on exploit mitigations On Wed, Jul 31, 2013 at 02:58:34AM +0300, Aaro Koskinen wrote: > Anyway, I think it would be interesting to learn about arch-specific > bugs discovered with trinity. Quickly thinking, the results should be > mostly same regardless of the architecture since the code being tested > is generic especially when running as a regular user. But of course > there are 32/64-bit and big-endian/little-endian and such differences, > and maybe some permission bugs (likely in vendor kernels). To use ARM as an example, the bugs I've seen have mostly been in arch specific code that does things like page-table manipulation. The chromebook bugs I was hitting for eg were various kinds of PTE corruption warnings. ISTR the ia64 & sparc64 bugs it discovered long ago were also due to things like missing cache flushes, as well as trivial fence-post errors. Dave -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists