Re: [kernel-hardening] Re: [PATCH 1/1] Sealable memory support

2017-05-29 Thread Boris Lukashev
If I understand the current direction for smalloc, it's to implement it without the ability to "unseal," which has implications on how LSM implementations and other users of these dynamic allocations handle things. If it's implemented without a writeable interface for modules which need it, then

Re: [kernel-hardening] Re: [PATCH 1/1] Sealable memory support

2017-05-28 Thread Kees Cook
On Sun, May 28, 2017 at 11:56 AM, Boris Lukashev wrote:
> So what about a middle ground where CoW semantics are used to enforce
> the state of these allocations as RO, but provide a strictly
> controlled pathway to read the RO data, copy and modify it, then write
> and seal into a new allocation.

Re: [kernel-hardening] Re: [PATCH 1/1] Sealable memory support

2017-05-28 Thread Boris Lukashev
One-time sealable memory makes the most sense from a defensive perspective - red team reads this stuff, the races mentioned will be implemented as described to win the day, and probably in other innovative ways. If a gap is left in the implementation, without explicit coverage by an adjacent
