oss-sec mailing list archives
Re: Re: Linux Kernel Defence Map
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 4 Apr 2018 17:55:07 -0600
On Wed, Apr 4, 2018 at 4:17 PM, Kees Cook <keescook () chromium org> wrote:
KPTI defends against info leaks and "finding kernel objects" too, in a way. Maybe just add a whole "side channels" bubble? (I think "info leaks" and "finding kernel objects" may need some kind of clarifying language for how they're different)
Please use a CWE identifier if one exists (https://cwe.mitre.org/), if one doesn't exist perhaps we should have one (email me and I'm happy to help get that ball rolling). Having a CWE not only helps categorize things correctly but gives us something to point developers at for resources around flaws and how they can be avoided/dealt with/etc.
-Kees -- Kees Cook Pixel Security
-- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Red Hat Product Security contact: secalert () redhat com
Current thread:
- Linux Kernel Defence Map Alexander Popov (Apr 04)
- Re: Linux Kernel Defence Map Kees Cook (Apr 04)
- Re: Re: Linux Kernel Defence Map Kurt Seifried (Apr 04)
- Re: Re: Linux Kernel Defence Map Alexander Popov (Apr 30)
- Re: Linux Kernel Defence Map Alexander Popov (Apr 05)
- Re: Linux Kernel Defence Map Kees Cook (Apr 05)
- Re: Linux Kernel Defence Map Alexander Popov (Apr 05)
- Re: Linux Kernel Defence Map Kees Cook (Apr 05)
- Re: Linux Kernel Defence Map Alexander Popov (Apr 06)
- Re: Re: Linux Kernel Defence Map Kurt Seifried (Apr 04)
- Re: Linux Kernel Defence Map Kees Cook (Apr 04)