| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Jul 2007 19:56:55 -0700 (PDT) From: Linus Torvalds <torvalds@...ux-foundation.org> To: Roland Dreier <rdreier@...co.com> cc: Jeff Garzik <jeff@...zik.org>, akpm@...ux-foundation.org, linux-kernel@...r.kernel.org, linux-ide@...r.kernel.org, chas@....nrl.navy.mil, rolandd@...co.com, dwmw2@...radead.org, gregkh@...e.de Subject: Re: [git patches 1/2] warnings: attack valid cases spotted by warnings On Tue, 17 Jul 2007, Roland Dreier wrote: > > So setting a variable to something meaningless (guaranteeing that a > garbage value is used in case of a bug) just to shut up a warning makes > no sense -- it's no safer than leaving the code as is. Wrong. It's safer for two reasons: - now everybody will see the *same* behaviour - the "meaningless value" is guaranteed to not be a security leak but the whole "shut up bogus warnings" is the best reason. So it *is* safer than leaving the code as-is. Of course, usually the best approach is to rewrite the code to be simpler, so that even gcc sees that something is obviously initialized. Sadly, people seldom do the right thing, and sometimes gcc just blows incredibly hard. Linus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists