| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Dec 2008 14:42:28 +0900 From: "Nguyen Anh Quynh" <aquynh@...il.com> To: "Al Viro" <viro@...iv.linux.org.uk> Cc: "Andrew Morton" <akpm@...ux-foundation.org>, LKML <linux-kernel@...r.kernel.org>, "Kuniyasu Suzaki" <k.suzaki@...t.go.jp> Subject: Re: [PATCH] fix calls to request_module() On Thu, Dec 11, 2008 at 2:00 PM, Al Viro <viro@...iv.linux.org.uk> wrote: > On Thu, Dec 11, 2008 at 01:23:36PM +0900, Nguyen Anh Quynh wrote: > >> So I checked again by fixing the code that should be compiled >> (sound/core/sound.c), and can confirm that without the patch we got >> warning like below: >> >> sound/core/sound.c: In function 'snd_request_other': >> sound/core/sound.c:91: warning: format not a string literal and no >> format arguments > > Ah, but that's different. Take a look at that warning and think _why_ > it is given and what is it about. Getting an untrusted string as > format argument is a real security hole, but it has nothing to do > with a pile of cases in your patch. Yes, clearly the warning is to warn us about potential format string bugs. But I agree that there are a lot of false possitives. My patch is mainly to make gcc happy. Thanks, Q -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists