lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 5 Jul 2017 23:27:32 +0100
From:   Ard Biesheuvel <ard.biesheuvel@...aro.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Arnd Bergmann <arnd@...db.de>, Kees Cook <keescook@...omium.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Jean Delvare <jdelvare@...e.de>
Subject: Re: [GIT PULL] gcc-plugins updates for v4.13-rc1

On 5 July 2017 at 22:56, Linus Torvalds <torvalds@...ux-foundation.org> wrote:
> On Wed, Jul 5, 2017 at 2:48 PM, Arnd Bergmann <arnd@...db.de> wrote:
>>
>> This particular example should be handled by
>> scripts/gcc-plugins/structleak_plugin.c, right?
>
> .. probably. But we have a ton of other uses that just pass in
> "result" pointers (not structs), which admittedly don't have the
> padding issue, but do have the exact same issue otherwise.
>
> We have those random "initialize to zero by hand", and I wouldn't
> actually worry about most of the common cases. KASAN will find them
> anyway.
>
> It tends to be the random odd ioctl-like things that nobody finds
> because it's only uninitialized for some silly error case that never
> triggers (or some unusual driver that needs to be loaded).
>

So it seems to me that what sets your example apart is that the
address of an automatic variable is taken and passed to a function
whose implementation may live in another compilation unit. So this
goes beyond any inferences the compiler makes from the possible code
flow about undefined behavior etc.

The compiler already keeps track of which auto variables have their
address taken, so it shouldn't be /that/ hard to come up with a plugin
that zero initializes such variables before their address is taken if
no such initialization is included in the code.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ