On 09/14/2016, 06:17 PM, Kees Cook wrote:
> Correct, this is a continuing effort to reduce the internal attack
> surface of the kernel, where one of the most common exploitation
> methods is overwriting function pointers.
> 
> Some examples of attacks and mitigations are here:
> http://kernsec.org/wiki/index.php/Exploit_Methods/Function_pointer_overwrite
> 
> While this patch isn't a huge change, it's still a viable candidate. I
> send these as I notice them, and hope that other folks will start to
> see these opportunities and send more patches too. :)

I didn't object to the patch. I could imagine the use case. But putting
the idea into the commit message would have made it clear.

thanks,
-- 
js
suse labs
