On 09/14/2016, 06:17 PM, Kees Cook wrote:
> Correct, this is a continuing effort to reduce the internal attack
> surface of the kernel, where one of the most common exploitation
> methods is overwriting function pointers.
> Some examples of attacks and mitigations are here:
> http://kernsec.org/wiki/index.php/Exploit_Methods/Function_pointer_overwrite
> While this patch isn't a huge change, it's still a viable candidate. I
> send these as I notice them, and hope that other folks will start to
> see these opportunities and send more patches too. :)

I didn't object to the patch. I could imagine the use case. But putting
the idea to the commit message would have made it clear.

suse labs

Reply via email to