| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <85A9A687-D5E0-4EE4-8FFE-ED70C8CCE863@kernel.org> Date: Fri, 23 May 2025 10:14:04 -0700 From: Kees Cook <kees@...nel.org> To: Theodore Ts'o <tytso@....edu>, David Laight <david.laight.linux@...il.com> CC: Ethan Carter Edwards <ethan@...ancedwards.com>, Andreas Dilger <adilger.kernel@...ger.ca>, linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH v2] ext4: replace strcpy() with '.' assignment On May 23, 2025 7:24:49 AM PDT, Theodore Ts'o <tytso@....edu> wrote: >On Fri, May 23, 2025 at 01:31:00PM +0100, David Laight wrote: >> >> The compiler (or headers files) can also allow strcpy() of constant >> length strings into arrays (known size). Erroring requests that are too long. >> The strcpy() is then converted to a memcpy() which can then be optimised >> into writes of constants. >> >> So using strcpy() under those conditions 'isn't all bad' and can generate >> better (and less bug prone) code than trying to hand-optimise it. >> >> So even through strcpy() is usually a bad idea, there is not need to >> remove the calls that the compiler can validate as safe. > >I assume that what the hardening folks want to do is to assert that >strcpy is always evil(tm) so they can detect potential security bugs >by doing "git grep strcpy". FWIW, what I'd like is a lack of ambiguity for both humans and compilers. "Get rid of strcpy" is the Big Hammer solution for strcpy. The more precise version is "disallow strcpy of a src or dst where either lack a compile-time buffer size". -Kees -- Kees Cook
Powered by blists - more mailing lists