oss-sec mailing list archives

Re: Linux Kernel Defence Map


From: Alexander Popov <alex.popov () linux com>
Date: Fri, 6 Apr 2018 02:38:50 +0300

On 05.04.2018 22:20, Kees Cook wrote:
> On Thu, Apr 5, 2018 at 5:32 AM, Alexander Popov <alex.popov () linux com> wrote:
>> On 05.04.2018 01:17, Kees Cook wrote:
>>> "type confusion" seems weird to me, but I haven't spent a lot of time
>>> weighing the options of the naming of these things. "Overwriting a
>>> function pointer" is the method, and the bug is "unexpectedly
>>> accessing userspace memory from the kernel" (which is usually
>>> "something overwrite a pointer").
>>
>> Just got an idea to call it "userspace data access". Short and simple!
>>
>> I also combined SMAP/PAN and UDEREF into a cluster to reduce the number of
>> edges. Now it looks a bit better.
>>
>> Kees, thanks again for such cool feedback. The map is updated.
>
> Very cool! Maybe also add an out-of-tree bubble for "Clang CFI", which
> gives forward-edge protection for code-reuse...

Ok. Created a CFI cluster with RAP and Clang CFI inside.

However, I didn't manage to find any materials about applying Clang CFI to the
Linux kernel.

Thanks!
Alexander
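The following is an added example, not part of this oss-sec thread and not code from the Linux Kernel Defence Map or from Clang. It models by hand what a forward-edge CFI check does at an indirect call site: the function pointer is only followed if it points at one of the legitimate targets for that function type. Clang CFI (-fsanitize=cfi, which needs LTO; in the kernel this later became CONFIG_CFI_CLANG) emits an equivalent check automatically, with the valid set derived from the function type at link time. Everything here (struct op_object, op_fn, valid_targets, the forged address) is constructed for illustration; the "corruption" is simulated by a direct assignment rather than a real out-of-bounds write so the example stays well-defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int (*op_fn)(int);

static int op_double(int x) { return 2 * x; }
static int op_negate(int x) { return -x; }

/* The legitimate indirect-call targets of type op_fn. Clang CFI derives this
 * set from the function type at link time and checks against a jump table;
 * here (constructed example) it is simply listed by hand. */
static const op_fn valid_targets[] = { op_double, op_negate };

/* A kernel-style object whose last field is a function pointer. A memory
 * corruption bug that overwrites `handler` is the "overwriting a function
 * pointer" method discussed in the thread. */
struct op_object {
    char name[16];
    op_fn handler;
};

/* Unchecked indirect call: whatever `handler` holds is executed. */
static int call_unchecked(const struct op_object *o, int arg)
{
    return o->handler(arg);
}

/* Forward-edge CFI check: follow the pointer only if it is a known target.
 * Returns 0 and stores the result on success, -1 on a CFI violation
 * (where Clang CFI would trap instead of returning). */
static int call_cfi_checked(const struct op_object *o, int arg, int *result)
{
    size_t n = sizeof valid_targets / sizeof valid_targets[0];
    for (size_t i = 0; i < n; i++) {
        if (o->handler == valid_targets[i]) {
            *result = o->handler(arg);
            return 0;
        }
    }
    return -1;
}

/* Constructed attacker-chosen address in the typical x86-64 userspace range. */
#define FORGED_USERSPACE_ADDR ((uintptr_t)0x00007f00deadb000ULL)

/* Simulates the corruption: the handler is replaced with an attacker-chosen
 * address. memcpy avoids an integer-to-function-pointer cast. */
static void corrupt_handler(struct op_object *o, uintptr_t attacker_addr)
{
    op_fn forged = NULL;
    memcpy(&forged, &attacker_addr, sizeof forged);
    o->handler = forged;
}

/* Intact object: the checked call goes through and returns 2 * 21. */
int legit_call_result(void)
{
    struct op_object o = { "double", op_double };
    int r = 0;
    if (call_cfi_checked(&o, 21, &r) != 0)
        return -1;
    return r;
}

/* Corrupted object: the checked call refuses the forged pointer (returns 1). */
int forged_call_rejected(void)
{
    struct op_object o = { "double", op_double };
    int r = 0;
    corrupt_handler(&o, FORGED_USERSPACE_ADDR);
    return call_cfi_checked(&o, 21, &r) == -1;
}

int main(void)
{
    struct op_object o = { "negate", op_negate };
    printf("unchecked call, intact object: %d\n", call_unchecked(&o, 5));
    printf("checked call, intact object: %d\n", legit_call_result());
    printf("checked call, forged pointer rejected: %s\n",
           forged_call_rejected() ? "yes" : "no");
    /* call_unchecked() on the corrupted object is deliberately not made:
     * it would transfer control to the forged address, which is exactly the
     * code-reuse step that forward-edge CFI exists to stop. */
    return 0;
}
```

The allowlist here is keyed on the exact target address, which is what makes it a forward-edge check: a pointer that was overwritten with a userspace address, a stack address, or even an in-kernel function of a different type is rejected before the call. The real Clang implementation replaces the linear scan with a range check against a per-type jump table, but the decision it makes at the call site is the same.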

