lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 25 Jan 2018 13:42:25 -0800
From:   Darren Hart <dvhart@...radead.org>
To:     Jiri Slaby <jslaby@...e.cz>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Li Jinyue <lijinyue@...wei.com>, peterz@...radead.org,
        "torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 4.14 17/89] futex: Prevent overflow by strengthen input
 validation

On Thu, Jan 25, 2018 at 04:21:51PM +0100, Jiri Slaby wrote:
> On 01/25/2018, 04:12 PM, Greg Kroah-Hartman wrote:
> > On Thu, Jan 25, 2018 at 03:47:32PM +0100, Jiri Slaby wrote:
> >> On 01/25/2018, 03:30 PM, Thomas Gleixner wrote:
> >>> So what's the problem?
> >>
> >> The problem I see is that every stable kernel now requires updated
> >> strace with their commit from yesterday to build correctly. In
> >> particular, the new stable kernels cause rpm build failures of strace in
> >> all our distros (based on those stable kernels). Sure, we can patch
> >> strace in every distro every nth kernel update, but it's mere
> >> impractical. Kernel should not break userspace, right?
> > 
> > Well, when userspace is doing something stupid... :)
> 
> No doubt... But does that mean we no longer maintain the "no userspace
> breakage even if it is stupid" rule?

One of the reasons we have been adding these earlier input validation checks to
futex has been to mitigate security exploits taking advantage of the complex
nature of the system call. Granted we should have done this initially, but if we
avoid some of these nasty exploits (and the real harm they enable), then yeah,
this is worth fixing userspace which is relying on undefined behavior.

I'd still like to out why various distros are sending garbage to uadd2 for
network setup (but that's another topic).

-- 
Darren Hart
VMware Open Source Technology Center

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ