Re: [kernel-hardening] self introduction

[Gengjia Chen <chengjia4574@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 3507 bytes --]

Hi all,

My name is Jiayy (@chengjia4574 <https://twitter.com/chengjia4574>). I am
currently a security researcher in
android and linux kernel. My researches  consist on hunting vulnerabilities
in kernel code (most of them within drivers) and doing exploits using those
vulns.
I had found more than 40 vulnerabilities
<http://www.linkedin.com/in/chen-gengjia-a4411855?trk=nav_responsive_tab_profile>
which were confirmed by Android Security Team
in the past year. I also figured out some way to attack mitigation
solutions of kernel
(such as Bypass PXN <http://en.mosec.org/#speech_bg>).

Those works help me get familiar with the kernel(device tree, memory
management,
network , some features especially those associated with security such as
pxn, selinux, seccomp) and ARM instruction. However, it is not enough to
get
involved in real security development in kernel. Therefore, I am looking
for task
I can accomplish to be involved into real kernel development!  Recently I
found
this project (kernel self protection) and I thought it is so interesting.

I don't know whether I can involve and  where I can begin, I am looking
forward to
your response.


Thanks,

Jiayy

2016-10-11 5:05 GMT+08:00 Kees Cook <keescook@chromium.org>:

> On Mon, Oct 10, 2016 at 9:01 AM, Colin Vidal <colin@cvidal.org> wrote:
> >> This branch to be precise:
> >> https://github.com/ereshetova/linux-stable/tree/hardened_atomic_on_next
> >>
> >> This is where the latest code for linux-next is hosted now and where
> >> we work with David and Hans.
> >> >
> >> > >
> >> > > Please contact me if you have any questions; I'd be glad to help!
> >> >
> >> > I actually have question. :-) As far as I understand, PAX_REFCOUNT
> >> > [1] is mainly a x86-only
> >>
> >> >
> >> > No, PAX_REFCOUNT also supports a bunch of other architectures. As
> >> > far as I can tell from a quick look: ARM, MIPS, PowerPC and SPARC.
> >>
> >> Yes, just in our patch series we only made implementation for x86.
> >> But if you look into Grsecurity/PaX patches, it has support for
> >> others implemented.
> >
> > OK, got it! Thanks for this clarification.
> >
> > So, I will try to start to port PAX_REFCOUNT arm-specific features to
> > hardened_atomic_on_next, and keep you in touch. Is there a deadline?
> > (4.10 / 5.0 merge window?)
>
> You may want to compare notes with Takahiro (CCed) who may have
> started to look at arm64 (and maybe arm too).
>
> As for a deadline, as Elena says, we have no specific target. ("As
> soon as possible.") The only thing around timing that I like to see is
> persistent progress: if a patch series goes up for review, getting
> people to take a look at it, ask questions, make comments, and then
> hopefully within a week or so, the next version comes up. Momentum is
> easier to maintain than to build. ;)
>
> > Just to be sure, the patch [1] and documentation [2] of PaX are still
> > up-to-date, or there is another references I missed?
> >
> > Thanks
> >
> > Colin
> >
> > [1] https://pax.grsecurity.net/pax-linux-3.6-201210022100.patch
>
> This is a quite old version of PaX. (Note the date.) If you want to
> examine PaX separately from Grsecurity (noting differences can be
> enlightening), check here:
>
> https://www.grsecurity.net/~paxguy1/?C=M;O=D
>
> > [2] https://forums.grsecurity.net/viewtopic.php?f=7&t=4173
>
> Yes, outside of reading the code itself, I believe this to be the most
> comprehensive piece of documentation about PAX_REFCOUNT.
>
> -Kees
>
> --
> Kees Cook
> Nexus Security
>

[-- Attachment #2: Type: text/html, Size: 6708 bytes --]