| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Feb 2008 11:08:18 -0800 From: Arjan van de Ven <arjan@...radead.org> To: Sam Ravnborg <sam@...nborg.org> Cc: linux-kernel@...r.kernel.org, mingo@...e.hu, torvalds@...ux-foundation.org Subject: Re: vmsplice exploits, stack protector and Makefiles On Tue, 12 Feb 2008 19:50:12 +0100 Sam Ravnborg <sam@...nborg.org> wrote: > > > > Now I realize that certain distros have patched gcc to compensate > > for their lack of distro wide CFLAGS, and it's great to work around > > that... but would there be a way to NOT disable this for > > CONFIG_CC_STACKPROTECTOR please? It would have made this exploit > > not possible for those kernels that enable this feature (and that > > includes distros like Fedora) > > I guess the problem is that we in arch/x86/Makefile enable the > stackprotector but then later in the main Makefile disables it. > So the right way to approach this should be to always disable it and > the reenable it in the arch Makefile. > So something like this? the patch works fine for me. Linus, can we please get this merged into .25? it will at least again limit the damage exploits like the vmsplice one can do.. (I think it's also worth it for -stable) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists