lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d301faa8-548e-4e8f-b8a6-c32d6a56f45b@kernel.org>
Date: Wed, 7 Feb 2024 19:35:53 +0100
From: Matthieu Baerts <matttbe@...nel.org>
To: Borislav Petkov <bp@...en8.de>, Marco Elver <elver@...gle.com>
Cc: Alexander Potapenko <glider@...gle.com>,
 Dmitry Vyukov <dvyukov@...gle.com>, kasan-dev@...glegroups.com,
 Netdev <netdev@...r.kernel.org>, Jakub Kicinski <kuba@...nel.org>,
 linux-hardening@...r.kernel.org, Kees Cook <keescook@...omium.org>,
 the arch/x86 maintainers <x86@...nel.org>
Subject: Re: KFENCE: included in x86 defconfig?

Hi Boris,

Thank you for your reply.

On 07/02/2024 19:16, Borislav Petkov wrote:
> On Wed, Feb 07, 2024 at 07:05:31PM +0100, Marco Elver wrote:
>> I think this would belong into some "hardening" config - while KFENCE
>> is not a mitigation (due to sampling) it has the performance
>> characteristics of unintrusive hardening techniques, so I think it
>> would be a good fit. I think that'd be
>> "kernel/configs/hardening.config".
> 
> Instead of doing a special config for all the parties out there, why
> don't parties simply automate their testing efforts by merging config
> snippets into the default configs using
> 
> scripts/kconfig/merge_config.sh
> 
> before they run their specialized tests?

Sorry, I'm sure I understand your suggestion: do you mean not including
KFENCE in hardening.config either, but in another one?

For the networking tests, we are already merging .config files, e.g. the
debug.config one. We are not pushing to have KFENCE in x86 defconfig, it
can be elsewhere, and we don't mind merging other .config files if they
are maintained.

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ