Kees Cook @kees_cook
Free Software Hacker he/him @[email protected] outflux.net/blog Portland, OR, USA Joined February 2010-
Tweets435
-
Followers5K
-
Following109
-
Likes394
Today's the 7th anniversary of founding the Kernel Self-Protection Project! lore.kernel.org/kernel-hardeni… We've come a long way, but there's still lots more work to do. :)
@trufae This is a problem in the kernel where we intentionally replace some globals, so I'm hoping to use -Wshadow=local instead: github.com/KSPP/linux/iss…
If you can't switch your C to Rust immediately, consider at least enabling all the sanity checking the compiler can already do for free: -Wall -D_FORTIFY_SOURCE=2 -fsanitize=bounds fsanitize-undefined-trap-on-error -fstrict-flex-arrays (GCC 13+, Clang 16+)
@Lahvuun I'm recommending "bounds" not "address" and if you use trap mode, it doesn't need the library.
@Khajiit_san glibc headers/runtime supports 1-3. Bionic supports 1-2. musl doesn't support it at all, and the separate fortify-aware headers (for 1-2) don't come with a runtime. So, yeah, =3 is glibc only currently.
@Khajiit_san FORTIFY is a weird one: it's a combination of compiler builtins, libc headers, and libc runtime features. =1 uses __builtin_object_size(p, 0) =2 uses __builtin_object_size(p, 1) =3 uses __builtin_dynamic_object_size(p, 1) ...
@zgrlin -fsanitize=address is ASAN (and is great) but usually considered too heavy for production code. -fsanitize=bounds has trivial overhead, though. Compiler can, you know, check the bounds: "Am I about to use an index outside the size of the array I know the length of? Maybe don't!"
@_trou_ @BincatLady Cool! You remind me I've had buffer overflows on my mind too much recently: there's so much more to enable for other security bug classes, too: -fstack-protector-strong -Wvla -Wimplicit-fallthrough -ftrivial-auto-var-init=zero All of these should be default on in distros! :|
@lafp I thought that part of -Wall? I ran out of characters on the first tweet, but if not -Wall, then yes, these: -Warray-bounds -Wstringop-overflow -Wstringop-overread -Wstringop-truncation
@signalapp This is extremely disappointing. SMS integration is what set Signal apart from the fragmented ecosystem of other messaging apps. It's what made it easy for less technical friends & family to switch to and stay with Signal.
I've started trying to document the various things I've learned about using Coccinelle to match code patterns in the Linux kernel here: github.com/kees/kernel-to… It's hardly complete, but I wanted to start keeping notes somewhere I could find later. :)
On Linux there's at least 2 ways to mitigate these kinds of attacks: - easy: seccomp filter of "exec" system call - better: MAC (e.g. AppArmor, SELinux, etc) to block both "exec" and limit unexpected path traversals and file accesses
I looked through these RCEs: they appear to all be command injection. (Though the MS issues don't have much detail.) Notably, there aren't any memory safety issues. But this is also more about web/net services, and command injection is the low hanging fruit in that environment.
Thank you @samitolvanen, Peter, Joao, @nullmodem, @embeddedgus, @NathanChance, Nick, Sedat, Josh, and everyone else who helped get KCFI developed and landed! git.kernel.org/linus/865dad20…
I think -Wimplicit-fallthrough should be enabled by -Wall. Right now it's only on with -Wextra. Thoughts?
@palefist The first half of the memcpy story is detailed here: git.kernel.org/linus/f68f2ff9… tl;dr: identify a very common type of buffer overflow so they can be stopped
We've finally landed the run-time memcpy() overflow warning patch in linux-next: git.kernel.org/pub/scm/linux/… So now I'm constantly reloading a search on lore, checking if anyone has run into new instances on real work loads. :P lore.kernel.org/all/?q=%22dete…
So many interesting finds in this research! I struggle to fit even one in a tweet: "... while we may not be decreasing the # of vulns... there are indications [of] ... a notion of maturity, where vulns will be mostly absent from code older than a specific point in the past."
How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes | USENIX usenix.org/conference/use…
0xor0ne @0xor0ne
91K Followers 508 Following Cybersecurity | Reverse Engineering | Vulnerability Research | Embedded & Silicon Security | My Tweets, My Opinions :)
Brendan Dolan-Gavitt @moyix
33K Followers 6K Following Building offsec agents: https://t.co/G9EtnC2Gl3 PGP https://t.co/3WXr0RfRkv
Jens Axboe @axboe
14K Followers 302 Following Linux kernel IO dabbler @ Meta @[email protected] Axboe Racing https://t.co/dog9gog5lf
mdowd @mdowd
33K Followers 757 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)
Jon Masters 🏴�... @jonmasters
16K Followers 7K Following Troublemaker | Computer Architect | @Arm Servers Architect @Google | Previously @RedHat, @Nuvia_Inc | Runner | Author | All views my own | #ArmServers
Jeff Vander Stoep @jeffvanderstoep
3K Followers 217 Following Android security @google [email protected]
Dmitry Vyukov @dvyukov
9K Followers 387 Following I tweet about fuzzing, bugs, sanitizers, security, hardening, kernels, syzkaller, Go, performance, concurrency, lock-free algorithms.
Björkus 'No time_t t... @__phantomderp
13K Followers 2K Following The C Standard Cannot Be Replaced And Will Never Be Destroyed. ➡ https://t.co/IWEB4XZpve | Avatar @KIINGKIISMET | Banner @Reckless_Moss
Andrey Konovalov @andreyknvl
7K Followers 862 Following Security engineer at https://t.co/027VXUlgOx. Focusing on the Linux kernel. Maintaining @linkersec. Trainings at https://t.co/D5MrxmYimS.Patrick Walton @pcwalton
18K Followers 516 Following Programming languages and graphics person. @pcwalton.bsky.social
chrisrohlf @chrisrohlf
12K Followers 928 Following Waging algorithmic warfare since 2003. Engineer, Researcher. MTS @ Anthropic, Non-Resident Research Fellow @CSETGeorgetown CyberAI
h0mbre @h0mbre_
16K Followers 662 Following # Exploit Reliability Engineer # Developing a full-system snapshot fuzzer: https://t.co/mfVXhwoGYD # Avi: https://t.co/3fsQfVprCf
Richard Johnson @richinseattle
19K Followers 3K Following Computer Security, Reverse Engineering, and Fuzzing; Training & Publications @ https://t.co/mloVP6rPB7; hacking the planet since 1995; Undercurrents BOFH
Joel Fernandes 🐧�... @joel_linux
1K Followers 637 Following My thoughts on work, open source and occasional rants about world affairs. When in doubt, turn it inside out. Also on Mastodon: @[email protected]
𝗥𝗬𝗔𝗡 𝗦... @withzombies
3K Followers 1K Following "im not distilled! im not distilled!!", i continue to insist as i slowly shrink and transform into a prompt
Cyber Crow @Cyb3rCr0wCC
3 Followers 43 Following DevOps & Software Engineer || Malware dev for fun || Mobile Enthusiast
KF @d0tslash
11K Followers 12K Following My commentary is not affiliated with, neither represents the views, position or attitudes of my employer(s) their clients, or any of their affiliated companies.
boaka @NamanSingh29452
1 Followers 112 Following
Socarates @AthenaWisdom13
1 Followers 225 Following
donna @donnaskiez
88 Followers 531 Following
Eric Chou @EricccTaiwan
17 Followers 1K Following Wanna be a Kernel Hacker! | Linux System SWE @MediaTek | MS @NCKU_official
Ufuk Ulas Erdem @ufukulaserdem
5 Followers 51 Following Building observability systems. Focused on Cloud Workload Protection, Runtime Security, and Low-Level Systems. C // Python // (Learning Rust & Assembly)
AB20251 @AB20251189171
0 Followers 334 Following
杜小强 @dxq381500
4 Followers 141 Following
Daniel @dancr0i
2 Followers 743 Following
user12595460565209 @user7zp
0 Followers 103 Following
Mandel Alon @Aloak
698 Followers 3K Following
sandy (dev mode) ☕�... @JustBootStuff
30 Followers 77 Following engineer of 6+ years living in the woods and trying to make money online 🏳️🌈
Suchit K @Suchit_71
52 Followers 486 Following There are 10 types of people: those who understand binary and those who don't
Rover @Rover1496480
1 Followers 188 Following
David Bouman @pqlqpql
2K Followers 388 Following vuln research (mostly kernels) & ctf w/ @0rganizers
avinash singh @A_A_Avinash
12 Followers 19 Following
@allworkandnoplay @allworkanoplay
41 Followers 2K Following strictly technical stuff, less of a profile more of a bulletin
عبد السلام �... @lka3h_taime
468 Followers 2K Following
Jordan @JordanDick85382
60 Followers 134 Following
Amine ichou @ichouamine_
11 Followers 46 Following
Loubna Abt @Ethreal455
1 Followers 18 Following
Randy/Deanna-OlderGee... @GeekOnTheLoose
9K Followers 7K Following We maintain free software downloads with no ads, no crapware & no b.s. It's kinda what we're known for. #opensource #computing #software #freeware #FOSS
Asaf Saadia @_setuid0
59 Followers 790 Following
annumeena @annumeena19
75 Followers 7K Following
Hussein Muhaisen @husseinmuhaisen
2K Followers 4K Following Computer Security Researcher @OrbitCurveSec, @(PagedOut_zine), @(GuidedHacking).
Н. Лхагвадо�... @n_lkh
31 Followers 471 Following
Marco Cappellari @MarcoRomildo
3K Followers 7K Following Assistente Tecnico presso il Genio Civile di Padova
isiah.gu @isiah_gu
7 Followers 680 Following
CougarBytes @C0ugarBytes
4 Followers 127 Following Linux malware and exploit development researcher by day, economics enthusiast by night.
Maximus Paperclips @maxpaperclip
101 Followers 4K Following Annoying digital gods with stupid questions since 2023. Paperclip Supremacy Advocate.
Raymond @LinRaymond2006
25 Followers 4K Following
Ankur @Ankuryogi11
244 Followers 6K Following
比个心 @vbigthing
51 Followers 4K Following
Antonio Frighetto @antoniofrighez
253 Followers 481 Following reverse engineer & compilers enthusiast • @polimi alumnus
desnecessario1555 @cinquentaoitoum
0 Followers 1K Following
Jeff Vander Stoep @jeffvanderstoep
3K Followers 217 Following Android security @google [email protected]
LWN.net @lwnnet
16K Followers 0 Following http://t.co/CuIDGv8dj9 is the definitive web site for news from and about the Linux and free software development communities.
Andrey Konovalov @andreyknvl
7K Followers 862 Following Security engineer at https://t.co/027VXUlgOx. Focusing on the Linux kernel. Maintaining @linkersec. Trainings at https://t.co/D5MrxmYimS.
Linux Kernel Security @linkersec
10K Followers 0 Following Links related to Linux kernel security and exploitation. Maintained by @andreyknvl and @a13xp0p0v. Also on https://t.co/GVE11dpBb8 and https://t.co/YpxPWXnA6Z.
MachinePix @MachinePix
207K Followers 76 Following Amazing feats of engineering. Tweeted by @kane and https://t.co/c2bRClqVy5.
PBF Comics @PBFcomics
102K Followers 1K Following Ancient webcomic dark arts by Nick G, often with Evan and/or Jordan Occasional comics in your inbox, free: https://t.co/yMKGyrR8OP
OSU Security Club @OSUSEC
273 Followers 43 Following Oregon State University Security Club (OSUSEC) @EFF alliance member | github/gitlab: osusec CTF: https://t.co/mWvstU0qJZ https://t.co/8UICzhLOd7
lvwr @lvwr
374 Followers 1 Following
Jordy Zomer @pwningsystems
3K Followers 264 Following Security Engineer @ Google, likes fuzzing, static analysis and VR. The opinions stated here are my own, not those of my company.
Aoife @autismaoife
175 Followers 111 Following Blogger for aisforaoifenotautism talking about the ups and downs of life on the spectrum
donald @donaldglover
2.3M Followers 0 Following
Sarah Andersen @SarahCAndersen
853K Followers 2K Following Author of Sarah's Scribbles, FANGS, and Cryptid Club she/her No NFTs 🚫 no A.I. Publishing inquiries: [email protected]
cats being weird litt... @weirdlilguys
1.9M Followers 46 Following wlg fan club 🐈 dm for submissions + credit! • IG: @ catsbeingweirdlittleguys • partnerships: [email protected] • TEES N STICKERS 👇👇
Alisa Esage Шевч�... @alisaesage
41K Followers 99 Following Independent hacker and researcher, owner of Zero Day Engineering @zerodayalpha
Amanda Walker @_Amanda_Walker
844 Followers 739 Following Not reading Twitter for the foreseeable future.
Alex Rebert @ayper
522 Followers 662 Following Security @ Google. Previously co-founder of @ForAllSecure. Opinions here are my own. @[email protected]
Terrible Maps @TerribleMaps
1.7M Followers 1K Following The home of terrible maps with a pinch of humour [email protected]Mark Galassi @markgalassi
182 Followers 329 Following astrophysicist/hacker at @LosAlamosNatLab - co-founder Institute for Computing in Research - director @conservancy - mastodon: https://t.co/ledGIFC0BU
ehashman@cloudisland.... @ehashdn
3K Followers 342 Following Queen of Debian Clojure, Her Grace, Dutchess of Node, Empress of Symbol Versions, Conqueress of ABIs. SWE @Apple. partition-tolerant, available, not consistent
JF Bastien @jfbastien
12K Followers 646 Following Build & scale platform — compilers / programming languages / security / safety
K. Ryabitsev 🇨🇦... @monsieuricon
349 Followers 126 Following Linux Foundation IT. Migrated to @[email protected]
PaulChadeisson @PaulC04
65K Followers 215 Following My new film SECOND SKIN is now available on youtube! https://t.co/pwYF1ZNBbx
crowley, irish wolfho... @realwolfpupy
1K Followers 81 Following 10mo IW pup. fren of blåhaj. good highfives an boops. live in forest an city. they/them/any. @isislovecruft is my hoom
Behind The Scenes Pic... @Behind_Pics
495K Followers 7 Following Weird, meme-y images of entertainment in the making | DM submissions
Simon Stålenhag 🐀 @simonstalenhag
170K Followers 249 Following I'm not on twitter anymore. For now, you can find me at https://t.co/8P5HJOKow6 @[email protected] or https://t.co/mMwZlJW3W3
Jon Stewart @jonstewart
1.6M Followers 3 Following
Sarah Beattie @nachosarah
432K Followers 569 Following writer. comedy person. I hate your ex boyfriend. Sorry I meant mine. I have big tits
linux.conf.au @linuxconfau
4K Followers 536 Following Check out @_everythingopen #EverythingOpen, running 20th-22nd January 2025 at @AdelaideCC, #Adelaide / #Tartanya
Bee and PuppyCat @BeeAndPuppyCat
54K Followers 26 Following Official account for the animated series from @CartoonHangover. Created by @Natazilla. Bee and PuppyCat: Lazy in Space now streaming on @netflix
DadPirateSparklePony @thelongshanx
1K Followers 559 Following Trip Longworth: DevOps nerd, whipped topping mad scientist/thought leader, Semper Bi 💖💛💙 they/he @[email protected]
Adriaan Tijsseling @_ado
489 Followers 394 Following Mastodon: @[email protected] BlueSky: @adriaangt.bsky.social
ARCHIVED - NASA's Per... @NASAPersevere
2.9M Followers 39 Following This account has been archived. Follow @NASAMars to get the latest updates on the Perseverance rover’s mission.
Grant Grundler @GrantGrundler
11 Followers 9 Following Linux Kernel Developer. Parent. Maker. Fix bikes. Ride bikes. Outdoors. Dark Chocolate. Cappuccino.
out of context Bluey @blueynocontext
18K Followers 684 Following moments from the cartoon about the worlds cutest blue heeler
visi stark @invisig0th
5K Followers 680 Following Founder @vtxproject Father of the #APT1 Report @mandiant / @fireeye Inventor of synapse, vivisect, UNCs, imphash, ... DEFCON CTF Champion, Founder of Kenshoto
Vitaly Nikolenko @vnik5287
6K Followers 94 Following Security researcher @ DUASYNT. Kernels, browsers. PGP: 77B1 FBAC E0FD 2E94 F8AC 2D91 9566 2314 344F 85E8
Justin Campbell @metr0
3K Followers 240 Following Security research and exploit mitigations @Microsoft. Kenshoto founder and CTF burnout. Tweets are, regrettably, my own.
Aleksa Sarai 暗号�... @lordcyphar
1K Followers 334 Following 🇯🇵日本語の勉強中。時々拙い日本語でツイートするよ。 "Designated communications provider" under §317C(6) of the Telecommunications Act 1997. he/him. Founding Engineer @amutablesystems.
James Fridman @fjamie013
2.1M Followers 1 Following Do not submit any personal photos that you do not want to be made public. Terms and conditions apply. https://t.co/WWtgLUgpub
Allison Randal @allisonrandal
2K Followers 222 Following
Brandon Edwards @drraid
5K Followers 1K Following CTO @crashappsec. Past: Cofounder and Chief Scientist @capsule8, Hacker-in-Residence @NYUTandon, and other research, reverse-engineering, and exploit dev roles.
Justin Vreeland @jvreeland26
96 Followers 2K Following
Olof Johansson @olofj
1K Followers 2K Following 🇸🇪🇺🇸 I tend to have the same username on most services. Previously: VP of Infrastructure and Platform Software at Tenstorrent.
A̶n̶d̶r̶e̶w̶ ̶... @arw
2K Followers 2K Following An Englishman in San Francisco. Director of security for Google Chrome. https://t.co/vaOsTQyluD over on bluesky.
Parisa Tabriz @laparisa
56K Followers 4K Following Browser Boss @googlechrome; Security Princess @google; former @usds; skilled at baking, eating, and hijacking cookies.
The Unbeatable Squirr... @unbeatablesg
13K Followers 17 Following I kick butts and eat nuts! Not always in that order, either!
BEE 🩷 @heyimbee
579K Followers 840 Following half real half hot succubus 𓆩♡𓆪 | https://t.co/3aLZtblrx0 ↓ more of me in links ☆⋆.⊹
NASA InSight @NASAInSight
712K Followers 36 Following Retired NASA robot, at rest on the plains of Mars after a mission to study the planet’s evolution. Mars updates: @NASAMars (Verification: https://t.co/uFIqa0lg2B)






















