lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Mon, 23 Jul 2007 10:55:36 -0700 (PDT)
From:	Amit Choudhary <amit2030@...oo.com>
To:	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] include/linux/slab.h: new KFREE() macro.


>Amit Choudhary <amit2030@...xxxxxx> wrote:
>> --- Christoph Hellwig <hch@...xxxxxxxxxx> wrote:
>>> On Sun, Jan 07, 2007 at 12:46:50AM -0800, Amit Choudhary wrote:

>> Any strong reason why not? x has some value that does not make sense and can
>> create only problems. And as I explained, it can result in longer code too.
>> So, why keep this value around. Why not re-initialize it to NULL.

>1) Because some magic value like 0x23 would be better.
>2) Because it hides bugs like double frees or dangeling references while
>creating a race condition. In the end, you'll get more hard-to-find bugs
>in exchange for papering over some easy-to-spot bugs.

Sorry for spamming the list again but some people may find this useful:

[Dangling pointers are security vulnerability]

http://it.slashdot.org/it/07/07/23/1624203.shtml

Excerpt:
***
Dangling pointers are quite common, but security experts and developers have said for years that
there is no practical way to exploit them, so they've been considered quality-assurance problems
and not security flaws.

But now that has changed.

"The problem before was, you had to override the exact location that the pointer was pointing to.
It was considered impossible. But we discovered a way to do this with generic dangling pointers
and run our own shell code."
***

-Amit



       
____________________________________________________________________________________
Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more. 
http://mobile.yahoo.com/go?refer=1GNXIC
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ