| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 25 Jun 2016 09:28:42 +0200 From: Heiko Carstens <heiko.carstens@...ibm.com> To: Paul Moore <paul@...l-moore.com> Cc: Stephen Rothwell <sfr@...b.auug.org.au>, James Morris <jmorris@...ei.org>, linux-next@...r.kernel.org, linux-kernel@...r.kernel.org, Kees Cook <keescook@...omium.org>, Martin Schwidefsky <schwidefsky@...ibm.com> Subject: Re: linux-next: manual merge of the audit tree with the security tree On Fri, Jun 24, 2016 at 12:20:52PM -0400, Paul Moore wrote: > > I'm a bit concerned about user space pointers passed as argument for compat > > tasks. These need to mask out 33 instead of 32 bits. This is of course > > system call specific and I don't know enough about audit to tell if it > > could be a problem. > > From a practical point of view I'm not sure how much of an impact that > will have as it is unlikely anyone will be doing anything useful with > those pointer values; for example, you aren't going to be inspecting a > process' memory space using just the audit log. Also, at the very > least we aren't removing any information, just adding in an extra bit > of potential junk. Anyone who does care about user space pointers in > the audit log, should have all the information the need to drop the > high bit. > > Does that sound reasonable? Yes, it does. If there should be problems because of the one extra bit that potentially contains garbage we still can look for a way to fix this. Thanks!
Powered by blists - more mailing lists