lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130731000444.GC1281@redhat.com>
Date:	Tue, 30 Jul 2013 20:04:44 -0400
From:	Dave Jones <davej@...hat.com>
To:	Aaro Koskinen <aaro.koskinen@....fi>
Cc:	Kees Cook <keescook@...omium.org>,
	"linux-arm-kernel@...ts.infradead.org" 
	<linux-arm-kernel@...ts.infradead.org>,
	ksummit-2013-discuss@...ts.linuxfoundation.org,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [Ksummit-2013-discuss] [ARM ATTEND] catching up on exploit
 mitigations

On Wed, Jul 31, 2013 at 02:58:34AM +0300, Aaro Koskinen wrote:

 > Anyway, I think it would be interesting to learn about arch-specific
 > bugs discovered with trinity. Quickly thinking, the results should be
 > mostly same regardless of the architecture since the code being tested
 > is generic especially when running as a regular user. But of course
 > there are 32/64-bit and big-endian/little-endian and such differences,
 > and maybe some permission bugs (likely in vendor kernels).

To use ARM as an example, the bugs I've seen have mostly been in arch specific
code that does things like page-table manipulation.  The chromebook bugs I
was hitting for eg were various kinds of PTE corruption warnings. 

ISTR the ia64 & sparc64 bugs it discovered long ago were also due to
things like missing cache flushes, as well as trivial fence-post errors.

	Dave

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ