[ubuntu-hardened] More kernel patches for Kees to check out

[Kees Cook]

On Thu, Feb 14, 2008 at 10:07:36AM -0800, Jeff Schroeder wrote:
> Ingo and his crack team of monkeys are at it again. This time they are
> working on the in-kernel stack protection foo. Any chance that Hardy
> could benefit from some of this code?
> http://lkml.org/lkml/2008/2/14/242

This is great stuff and I'm really looking forward to it, however I
think it's still a bit too new to put into Hardy.  At present, we have
the prior stack protection code (amd64-only) enabled already, so I'm
hoping that's a reasonable middle-ground:

$ grep STACK /boot/config-2.6.24-8-generic 
CONFIG_CC_STACKPROTECTOR=y

I'm still trying to backport the /dev/mem patch -- that should be easy
once I figure out where all the code moved around to.  :)  The x86 merge
is making my head hurt.  :)

-- 
Kees Cook
Ubuntu Security Team