Re: [Security] proactive defense: using read-only memory, RO/NXmodules
From: Kees Cook
Date: Thu Nov 11 2010 - 01:58:14 EST
Hi Ingo,
On Wed, Nov 10, 2010 at 10:04:15AM +0100, Ingo Molnar wrote:
> * Kees Cook <kees.cook@xxxxxxxxxxxxx> wrote:
> > Oh, well, yes, that's a good reason. :) Where was this covered? I'd like to help
> > get it reproduced and ironed out.
>
> Matthieu Castet seems to have dusted off those patches and submitted two of them in
> this mail:
>
> Subject: [RFC] reworked NX protection for kernel data
>
> Matthieu, are you still interested in this topic?
>
> The original, broken patches were these -tip commits:
>
> 1e858c081af5: x86, mm: RO/NX protection for loadable kernel modules
> 18c60ddc9eff: x86, mm: NX protection for kernel data
> c226a2feba21: x86, mm: Set first MB as RW+NX
> b29d530510d4: x86, mm: Correcting improper large page preservation
>
> I reported one of the crashes in:
>
> Subject: Re: [tip:x86/mm] x86, mm: Set first MB as RW+NX
>
> on lkml.
Thanks for looking this up!
Can we get 1e858c081af5 and 18c60ddc9eff back in, and then work forward
from there?
-Kees
--
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/