Re: [kernel-hardening] 2015 kernel CVEs

From: Kees Cook
Date: Tue Jan 19 2016 - 18:35:13 EST

Next message: Krzysztof Kozlowski: "Re: [PATCH v2 1/3] clk: s2mps11: allocate only one structure for clock init"
Previous message: James Morris: "[GIT PULL] Security subsystem update"
In reply to: One Thousand Gnomes: "Re: [kernel-hardening] 2015 kernel CVEs"
Next in thread: Miroslav Benes: "Re: 2015 kernel CVEs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 19, 2016 at 3:28 AM, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> Many of the use-after-free and uninitialized data bugs would be less
> harmful if we had some kernel hardening patches.

I think this nicely underscores the importance of all the hardening
efforts, especially Laura's PAX_MEMORY_SANITIZE port. And with the
recent keyring issue, having David's PAX_REFCOUNT port too. It's all
coming along (slowly). :)

-Kees

--
Kees Cook
Chrome OS & Brillo Security

Next message: Krzysztof Kozlowski: "Re: [PATCH v2 1/3] clk: s2mps11: allocate only one structure for clock init"
Previous message: James Morris: "[GIT PULL] Security subsystem update"
In reply to: One Thousand Gnomes: "Re: [kernel-hardening] 2015 kernel CVEs"
Next in thread: Miroslav Benes: "Re: 2015 kernel CVEs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]