Kees Cook kees

@kees
kees / pgo.sh
Created February 12, 2021 22:51
Build Profiling-Guided Optimized Clang for the Linux kernel
#!/bin/bash
# This expects a specific directory layout and contents:
#
# $HOME/src/linux - clone of Linux repo (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git)
# $HOME/src/llvm-project - clone of LLVM repo (https://github.com/llvm/llvm-project.git)
# $HOME/src/linux-build - place to keep kernel builds
# $HOME/src/llvm-build - place to keep LLVM builds
#
#!/bin/bash
set -e
@kees
kees / slub-sysfs-random.patch
Created April 14, 2020 06:01
Show random secret in /sys/kernel/slab/*/random
diff --git a/mm/slub.c b/mm/slub.c
index 332d4b459a90..62b300c93ea1 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -5148,6 +5148,14 @@ static ssize_t usersize_show(struct kmem_cache *s, char *buf)
}
SLAB_ATTR_RO(usersize);
+#ifdef CONFIG_SLAB_FREELIST_HARDENED
+static ssize_t random_show(struct kmem_cache *s, char *buf)
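Review bot: random_show(), added under CONFIG_SLAB_FREELIST_HARDENED, exposes the per-cache random secret through sysfs, and that secret is the value the freelist hardening relies on keeping private. The preview ends before the function body and the attribute registration, so confirm the new attribute is readable by root only, as with the SLAB_ATTR_RO(usersize) pattern in the context above, and add a comment stating that this is a debugging aid rather than something intended for production kernels.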
# grsecurity
## integrated
- PERF_HARDEN - local kernel attack surface reduction, landed as perf_event_paranoid=3 by default in AOSP
- DENYUSB - physical attack surface reduction, tied to screen lock state by default (setting exposes on, off, dynamic)
- DEVICE_SIDECHANNEL - closes time-based sidechannels for device types
## wanted
@kees
kees / elitehrv-sync.py
Last active August 29, 2015 14:24
EliteHRV sync
#!/usr/bin/env python3
# EliteHRV is fantastic, but doesn't have a very good export method. This fetches the raw JSON.
# Sad that it's not over https, though it made traffic analysis easier! ;)
# © 2015 Kees Cook <kees@ubuntu.com>
# License: GPLv3
import os, sys, requests
import simplejson as json
def fetch(url, headers, data):
    r = requests.post(url, headers=headers, data=data)
@kees
kees / strings.c
Created June 26, 2015 17:46
Show gcc's behavior regarding string literals and -Wformat-security.
/*
* Show gcc's behavior regarding string literals and -Wformat-security.
*
* gcc -Wformat -Wformat-security -Wall -Werror -o strings strings.c
*
* GPLv2+ Kees Cook <keescook@chromium.org>
*/
#include <stdio.h>
struct structure {
@kees
kees / keybase.md
Created April 6, 2014 01:34
keybase proof

Keybase proof

I hereby claim:

  • I am kees on github.
  • I am kees (https://keybase.io/kees) on keybase.
  • I have a public key whose fingerprint is A5C3 F68F 229D D60F 723E 6E13 8972 F4DF DC6D C026

To claim this, I am signing this object: