| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Jul 2009 14:15:48 -0700 (PDT) From: Linus Torvalds <torvalds@...ux-foundation.org> To: Ulrich Drepper <drepper@...hat.com> cc: linux-kernel@...r.kernel.org, akpm@...ux-foundation.org Subject: Re: [PATCH] information leak in sigaltstack On Fri, 31 Jul 2009, Ulrich Drepper wrote: > > The following patch should fix the issue. Hmm. Is there any reason not to do an unconditional memset(), and then expect gcc to avoid the unnecessary stores? I realize gcc may not do that, but we could always _hope_. Also, is there really any reason to believe that the only hole can be after ss_flags, and that it's only the case when ss_flags is in the middle? Quite frankly, as far as I can tell, you could have an "int ss_flags" at the _end_ of the structure too, and have the same issue (padding out to the alignment of the struct). For an example of that "'int ss_flags' at the end" look at MIPS. Now, you'd end up with a memset() in that case (since it certainly won't match the offsetof), but my point is, the conditional really looks very arbitrary and rather strange. I'd rather see it unconditional, even if it costs three unnecessary writes or whatever. Linus -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists