Kernel-hardening archive on lore.kernel.org
 help / color / Atom feed
* Hello Kernel Hardening
@ 2019-07-31  6:52 Rick Mark
  2019-07-31  9:18 ` Greg KH
  0 siblings, 1 reply; 7+ messages in thread
From: Rick Mark @ 2019-07-31  6:52 UTC (permalink / raw)
  To: kernel-hardening

Per the instructions in the get involved I'm here saying hello.

My name is Rick Mark, currently a security engineer at Dropbox in SF.

I've been toying around with various things I've found in the wild
over the years and recently put together this CC Attribution paper
'Security Critical Kernel Object Confidentiality and Integrity'
(https://dbx.link/sckoci).

I've been playing with a reference implementation and filling out
the paper as I go, so I'm here to add a new area of defense to the
Linux kernel.  If you find the work interesting, I'm happy to have
people sherpa me though the kernel contribution process, help with
implementing the reference or production version or even just
co-authors to help with the paper.

Best
R

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Hello Kernel Hardening
  2019-07-31  6:52 Hello Kernel Hardening Rick Mark
@ 2019-07-31  9:18 ` Greg KH
  2019-07-31 19:55   ` Kees Cook
  2019-07-31 20:33   ` Rick Mark
  0 siblings, 2 replies; 7+ messages in thread
From: Greg KH @ 2019-07-31  9:18 UTC (permalink / raw)
  To: Rick Mark; +Cc: kernel-hardening

On Wed, Jul 31, 2019 at 06:52:04AM +0000, Rick Mark wrote:
> Per the instructions in the get involved I'm here saying hello.
> 
> My name is Rick Mark, currently a security engineer at Dropbox in SF.
> 
> I've been toying around with various things I've found in the wild
> over the years and recently put together this CC Attribution paper
> 'Security Critical Kernel Object Confidentiality and Integrity'
> (https://dbx.link/sckoci).

Link needs permissions to view it :(

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Hello Kernel Hardening
  2019-07-31  9:18 ` Greg KH
@ 2019-07-31 19:55   ` Kees Cook
  2019-07-31 20:33   ` Rick Mark
  1 sibling, 0 replies; 7+ messages in thread
From: Kees Cook @ 2019-07-31 19:55 UTC (permalink / raw)
  To: Greg KH; +Cc: Rick Mark, kernel-hardening

On Wed, Jul 31, 2019 at 11:18:18AM +0200, Greg KH wrote:
> On Wed, Jul 31, 2019 at 06:52:04AM +0000, Rick Mark wrote:
> > Per the instructions in the get involved I'm here saying hello.
> > 
> > My name is Rick Mark, currently a security engineer at Dropbox in SF.

Hi Rick! Thanks for joining in the fun. :)

> > I've been toying around with various things I've found in the wild
> > over the years and recently put together this CC Attribution paper
> > 'Security Critical Kernel Object Confidentiality and Integrity'
> > (https://dbx.link/sckoci).
> 
> Link needs permissions to view it :(

Heh, same for me. Let us know when we can view it...

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Hello Kernel Hardening
  2019-07-31  9:18 ` Greg KH
  2019-07-31 19:55   ` Kees Cook
@ 2019-07-31 20:33   ` Rick Mark
  2019-08-01  5:54     ` Greg KH
  1 sibling, 1 reply; 7+ messages in thread
From: Rick Mark @ 2019-07-31 20:33 UTC (permalink / raw)
  To: Greg KH; +Cc: kernel-hardening

[-- Attachment #1: Type: text/plain, Size: 1048 bytes --]

Sorry, didn’t realize the Dropbox link shortener required login.  Full link:


https://paper.dropbox.com/doc/Security-Critical-Kernel-Object-Confidentiality-and-Integrity-akFs9yNQ8YxLKP3BEaHZ8


Sent from my iPad

On Jul 31, 2019, at 2:18 AM, Greg KH <gregkh@linuxfoundation.org> wrote:

On Wed, Jul 31, 2019 at 06:52:04AM +0000, Rick Mark wrote:
Per the instructions in the get involved I'm here saying hello.

My name is Rick Mark, currently a security engineer at Dropbox in SF.

I've been toying around with various things I've found in the wild
over the years and recently put together this CC Attribution paper
'Security Critical Kernel Object Confidentiality and Integrity'
(https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdbx.link%2Fsckoci&amp;data=02%7C01%7C%7C0c28197df0bb4ec190cc08d7159808da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637001615036036177&amp;sdata=wmQJHRL9tNwFVden9P2TrrySSQX%2F4Ukd3eKnYfTCUTM%3D&amp;reserved=0).

Link needs permissions to view it :(

thanks,

greg k-h

[-- Attachment #2: Type: text/html, Size: 2167 bytes --]

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body dir="auto" role="textbox" aria-label="Message Body">
Sorry, didn’t realize the Dropbox link shortener required login. &nbsp;Full link:
<div><br>
</div>
<div><br>
<a href="https://paper.dropbox.com/doc/Security-Critical-Kernel-Object-Confidentiality-and-Integrity-akFs9yNQ8YxLKP3BEaHZ8">https://paper.dropbox.com/doc/Security-Critical-Kernel-Object-Confidentiality-and-Integrity-akFs9yNQ8YxLKP3BEaHZ8</a></div>
<div><br>
</div>
<div><br>
<div dir="ltr">Sent from my iPad</div>
<div dir="ltr"><br>
<blockquote type="cite">On Jul 31, 2019, at 2:18 AM, Greg KH &lt;gregkh@linuxfoundation.org&gt; wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr"><span>On Wed, Jul 31, 2019 at 06:52:04AM &#43;0000, Rick Mark wrote:</span><br>
<blockquote type="cite"><span>Per the instructions in the get involved I'm here saying hello.</span><br>
</blockquote>
<blockquote type="cite"><span></span><br>
</blockquote>
<blockquote type="cite"><span>My name is Rick Mark, currently a security engineer at Dropbox in SF.</span><br>
</blockquote>
<blockquote type="cite"><span></span><br>
</blockquote>
<blockquote type="cite"><span>I've been toying around with various things I've found in the wild</span><br>
</blockquote>
<blockquote type="cite"><span>over the years and recently put together this CC Attribution paper</span><br>
</blockquote>
<blockquote type="cite"><span>'Security Critical Kernel Object Confidentiality and Integrity'</span><br>
</blockquote>
<blockquote type="cite"><span>(https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdbx.link%2Fsckoci&amp;amp;data=02%7C01%7C%7C0c28197df0bb4ec190cc08d7159808da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637001615036036177&amp;amp;sdata=wmQJHRL9tNwFVden9P2TrrySSQX%2F4Ukd3eKnYfTCUTM%3D&amp;amp;reserved=0).</span><br>
</blockquote>
<span></span><br>
<span>Link needs permissions to view it :(</span><br>
<span></span><br>
<span>thanks,</span><br>
<span></span><br>
<span>greg k-h</span><br>
</div>
</blockquote>
</div>
</body>
</html>

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Hello Kernel Hardening
  2019-07-31 20:33   ` Rick Mark
@ 2019-08-01  5:54     ` Greg KH
  2019-08-01 20:00       ` Rick Mark
  0 siblings, 1 reply; 7+ messages in thread
From: Greg KH @ 2019-08-01  5:54 UTC (permalink / raw)
  To: Rick Mark; +Cc: kernel-hardening

On Wed, Jul 31, 2019 at 08:33:59PM +0000, Rick Mark wrote:
> Sorry, didn’t realize the Dropbox link shortener required login.  Full link:
> 
> 
> https://paper.dropbox.com/doc/Security-Critical-Kernel-Object-Confidentiality-and-Integrity-akFs9yNQ8YxLKP3BEaHZ8

That works better, thanks!

As always, why not knock up a working prototype of your idea first and
post it?  That's how we work with kernel development.  Lots of people
have random ideas, but to see if they actually work you need a working
patch.

good luck!

greg k-h

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Hello Kernel Hardening
  2019-08-01  5:54     ` Greg KH
@ 2019-08-01 20:00       ` Rick Mark
  2019-08-01 20:25         ` Greg KH
  0 siblings, 1 reply; 7+ messages in thread
From: Rick Mark @ 2019-08-01 20:00 UTC (permalink / raw)
  To: Greg KH; +Cc: kernel-hardening, keescook

[-- Attachment #1: Type: text/plain, Size: 1176 bytes --]

Awesome,

Thanks Greg for the advice and welcome.

I'm already starting to put together one with Linaro / OP-TEE cross compiled for QEMU ARMv8.  I'll send it back out when it's working / not shameful enough to actually `git push` to a fork.

As an aside for the rest of the mailing list, hope to see you all at BSides/DEFCON/QueerCon in a week.

R
________________________________
From: Greg KH <gregkh@linuxfoundation.org>
Sent: Wednesday, July 31, 2019 10:54 PM
To: Rick Mark <rickmark@outlook.com>
Cc: kernel-hardening@lists.openwall.com <kernel-hardening@lists.openwall.com>
Subject: Re: Hello Kernel Hardening

On Wed, Jul 31, 2019 at 08:33:59PM +0000, Rick Mark wrote:
> Sorry, didn’t realize the Dropbox link shortener required login.  Full link:
>
>
> https://paper.dropbox.com/doc/Security-Critical-Kernel-Object-Confidentiality-and-Integrity-akFs9yNQ8YxLKP3BEaHZ8

That works better, thanks!

As always, why not knock up a working prototype of your idea first and
post it?  That's how we work with kernel development.  Lots of people
have random ideas, but to see if they actually work you need a working
patch.

good luck!

greg k-h

[-- Attachment #2: Type: text/html, Size: 2989 bytes --]

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Awesome,</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Thanks&nbsp;Greg for the advice and welcome.</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I'm already starting to put together one with Linaro / OP-TEE cross compiled for QEMU ARMv8.&nbsp; I'll send it back out when it's working / not shameful enough to actually `git push` to a fork.</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
As an aside for the rest of the mailing list, hope to see you all at BSides/DEFCON/QueerCon in a week.</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
R</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Greg KH &lt;gregkh@linuxfoundation.org&gt;<br>
<b>Sent:</b> Wednesday, July 31, 2019 10:54 PM<br>
<b>To:</b> Rick Mark &lt;rickmark@outlook.com&gt;<br>
<b>Cc:</b> kernel-hardening@lists.openwall.com &lt;kernel-hardening@lists.openwall.com&gt;<br>
<b>Subject:</b> Re: Hello Kernel Hardening</font>
<div>&nbsp;</div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">On Wed, Jul 31, 2019 at 08:33:59PM &#43;0000, Rick Mark wrote:<br>
&gt; Sorry, didn’t realize the Dropbox link shortener required login.&nbsp; Full link:<br>
&gt; <br>
&gt; <br>
&gt; <a href="https://paper.dropbox.com/doc/Security-Critical-Kernel-Object-Confidentiality-and-Integrity-akFs9yNQ8YxLKP3BEaHZ8">
https://paper.dropbox.com/doc/Security-Critical-Kernel-Object-Confidentiality-and-Integrity-akFs9yNQ8YxLKP3BEaHZ8</a><br>
<br>
That works better, thanks!<br>
<br>
As always, why not knock up a working prototype of your idea first and<br>
post it?&nbsp; That's how we work with kernel development.&nbsp; Lots of people<br>
have random ideas, but to see if they actually work you need a working<br>
patch.<br>
<br>
good luck!<br>
<br>
greg k-h<br>
</div>
</span></font></div>
</body>
</html>

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Hello Kernel Hardening
  2019-08-01 20:00       ` Rick Mark
@ 2019-08-01 20:25         ` Greg KH
  0 siblings, 0 replies; 7+ messages in thread
From: Greg KH @ 2019-08-01 20:25 UTC (permalink / raw)
  To: Rick Mark; +Cc: kernel-hardening, keescook


A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

A: No.
Q: Should I include quotations after my reply?

http://daringfireball.net/2007/07/on_top

On Thu, Aug 01, 2019 at 08:00:33PM +0000, Rick Mark wrote:
> Awesome,
> 
> Thanks Greg for the advice and welcome.

A bit more advice above on how the kernel developers handle email :)

> I'm already starting to put together one with Linaro / OP-TEE cross
> compiled for QEMU ARMv8.  I'll send it back out when it's working /
> not shameful enough to actually `git push` to a fork.

I would recommend reading the kernel development process documentation
as well, in the kernel source tree.  That will give you a good idea as
to how we work and how we handle reviewing patches (hint, we don't use
git trees for review).

good luck!

greg k-h

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, back to index

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-31  6:52 Hello Kernel Hardening Rick Mark
2019-07-31  9:18 ` Greg KH
2019-07-31 19:55   ` Kees Cook
2019-07-31 20:33   ` Rick Mark
2019-08-01  5:54     ` Greg KH
2019-08-01 20:00       ` Rick Mark
2019-08-01 20:25         ` Greg KH

Kernel-hardening archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kernel-hardening/0 kernel-hardening/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kernel-hardening kernel-hardening/ https://lore.kernel.org/kernel-hardening \
		kernel-hardening@lists.openwall.com kernel-hardening@archiver.kernel.org
	public-inbox-index kernel-hardening


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.openwall.lists.kernel-hardening


AGPL code for this site: git clone https://public-inbox.org/ public-inbox