GrapheneOS/linux-hardened

Issues

• probabilistic return address protection for Clang

  #58 opened 3 years ago by thestinger
  1

• type-based CFI for indirect calls

  #65 opened 4 years ago by thestinger
  0

• SipHash with a non-readable-memory key (infrastructure for other things)

  #31 opened 4 years ago by thestinger
  0

• Why is AppArmor not enabled?

  #67 opened 7 years ago by francoism90
  1

• zfs load-keys results in KP

  #68 opened 7 years ago by francoism90
  3

• invalid opcode. list_del_entry_valid

  #69 opened 7 years ago by alexminder
  4

• Compiling error with version 4.14.13 to version 4.15.1

  #70 opened 7 years ago by Kalle72
  6

• CVE-2017-5753 - Spectre Variant 1

  #71 opened 7 years ago by ralaud
  12

• detected buffer overflow in strlen

  #72 opened 7 years ago by Bernhard40
  11

• missing compiler check for "-fsanitize=local-init" support

  #73 opened 7 years ago by alexw65500
  11

• SROP mitigation with SipHash-generated cookies

  #74 opened 7 years ago by thestinger
  0

• [PATCH] remove unused softirq_action callback parameter - causes build failure on 4.17

  #76 opened 7 years ago by Bernhard40
  0

• 4.16.13, 4.14.45, 4.14.46, 4.14.47

  #82 opened 7 years ago by NeQuissimus
  2

• enable intra-object checking for fortified string functions

  #41 opened 8 years ago by thestinger
  1

• MPROTECT

  #42 opened 7 years ago by thestinger
  16

• STACKLEAK plugin

  #43 opened 7 years ago by thestinger
  0

• slab FIFO / randomized quarantine (not tied to ASan)

  #44 opened 8 years ago by thestinger
  0

• RANDKSTACK for arm64

  #45 opened 8 years ago by thestinger
  0

• Build Failure w/ 4.12.a Patch

  #46 opened 7 years ago by githububub
  1

• denyusb implementation

  #47 opened 7 years ago by osteichthyes
  1

• Longterm releases?

  #48 opened 7 years ago by nullchinchilla
  1

• port in-scope GCC plugins to Clang

  #49 opened 7 years ago by thestinger
  0

• [Patch attached] Secure TCP timestamp response

  #50 opened 7 years ago by theLOICofFRANCE
  2

• Change the rights in /proc to limit exploits.

  #51 opened 7 years ago by theLOICofFRANCE
  4

• extend SELinux memory protections to have parity with PaX MPROTECT

  #52 opened 7 years ago by thestinger
  8

• Installation instructions (more a question than an issue)

  #53 opened 7 years ago by Kalle72
  3

• A question about Emutramp

  #54 opened 7 years ago by Kalle72
  2

• add the option of using -fsanitize=local-init for Clang kernel builds

  #59 opened 7 years ago by thestinger
  2

• STACKLEAK for Clang

  #60 opened 7 years ago by thestinger
  0

• figure out how serious Google is about implementing SafeStack + CFI for the kernel and a rough timeline as it can aid an alternate CFI implementation

  #61 opened 7 years ago by thestinger
  1

• type-based (or finer-grained) CFI for the kernel with Clang (indirect calls and returns)

  #56 opened 7 years ago by thestinger
  0

• struct layout randomization for Clang

  #57 opened 7 years ago by thestinger
  0

• [Request] Add TCP Stealth system to protect unadvertised servers from port scanning

  #62 opened 7 years ago by Megver83
  1

• refcount_t: saturated; leaking memory

  #63 opened 7 years ago by michabuntu
  1

• stack clearing

  #64 opened 7 years ago by thestinger
  0

• type-based CFI for returns

  #66 opened 7 years ago by thestinger
  0

• deny new usb peripherals

  #26 opened 8 years ago by thestinger
  1

• add the option of more aggressive local variable sanitization

  #28 opened 7 years ago by thestinger
  0

• mark __supported_pte_mask as __ro_after_init

  #29 opened 8 years ago by thestinger
  1

• XOR-based return protection, similar to the private PaX RAP implementation

  #30 opened 7 years ago by thestinger
  0

• scope out targeted usage of non-heuristic-based integer overflow checking

  #35 opened 8 years ago by thestinger
  0

• scope out targeted usage of the bounds and object-size sanitizers

  #34 opened 8 years ago by thestinger
  0

• trusted path execution

  #33 opened 7 years ago by thestinger
  7

• Ubuntu 17.04 does not boot with CONFIG_SLAB_CANARY enabled

  #38 opened 7 years ago by dbaxa
  52

• improve the robustness of slub page freelists

  #36 opened 8 years ago by thestinger
  0

• improve slub canary generation

  #37 opened 8 years ago by thestinger
  0

• Enable TOMOYO by default

  #39 opened 8 years ago by x4rxes
  4

• a kernel with the patch don't pass the pax's test

  #40 opened 8 years ago
  6

• mitigate device timing side channels

  #25 opened 8 years ago by thestinger
  1

• Kernel panic after resume from suspend with 4.11.1.a

  #27 opened 8 years ago
  15