| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Jun 2013 13:52:17 -0700
From: Kees Cook <keescook@...omium.org>
To: linux-kernel@...r.kernel.org
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jens Axboe <axboe@...nel.dk>,
"David S. Miller" <davem@...emloft.net>,
Herbert Xu <herbert@...dor.hengli.com.au>,
David Woodhouse <dwmw2@...radead.org>,
Anton Vorontsov <cbou@...l.ru>,
Karsten Keil <isdn@...ux-pingi.de>
Subject: [PATCH 0/8] format string usage clean ups
Hello,
This series is a result of an audit of format string uses in the
kernel. Of two exploitable flaws, the first fix is now in the wireless
tree:
http://git.kernel.org/cgit/linux/kernel/git/linville/wireless.git/commit/?id=9538cbaab6e8b8046039b4b2eb6c9d614dc782bd
The second fix is here as patch 1 ("block: do not pass disk names as format strings"). All the rest are either interface clean ups or
preventative measures to avoid accidents in the future.
There is still more needed before we can do something like this in
the Makefile:
+# Enable format-security when it can stop the build, otherwise disable.
+KBUILD_CFLAGS += $(call cc-option,\
+ -Wformat -Wformat-security -Werror=format-security,\
+ -Wno-format-security)
but I think this series covers the majority of potentially sensitive
exposed infrastructure.
Thanks,
-Kees
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists