lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080212193655.GA2771@uranus.ravnborg.org>
Date:	Tue, 12 Feb 2008 20:36:55 +0100
From:	Sam Ravnborg <sam@...nborg.org>
To:	Arjan van de Ven <arjan@...radead.org>
Cc:	linux-kernel@...r.kernel.org, mingo@...e.hu,
	torvalds@...ux-foundation.org
Subject: Re: vmsplice exploits, stack protector and Makefiles

On Tue, Feb 12, 2008 at 11:08:18AM -0800, Arjan van de Ven wrote:
> On Tue, 12 Feb 2008 19:50:12 +0100
> Sam Ravnborg <sam@...nborg.org> wrote:
> > > 
> > > Now I realize that certain distros have patched gcc to compensate
> > > for their lack of distro wide CFLAGS, and it's great to work around
> > > that... but would there be a way to NOT disable this for
> > > CONFIG_CC_STACKPROTECTOR please? It would have made this exploit
> > > not possible for those kernels that enable this feature (and that
> > > includes distros like Fedora)
> > 
> > I guess the problem is that we in arch/x86/Makefile enable the
> > stackprotector but then later in the main Makefile disables it.
> > So the right way to approach this should be to always disable it and
> > the reenable it in the arch Makefile.
> > So something like this?
> 
> 
> the patch works fine for me.
> Linus, can we please get this merged into .25? it will at least
> again limit the damage exploits like the vmsplice one can do..
> 
> (I think it's also worth it for -stable)

I will prepare it for my next -fix round. Due in a few days.

	Sam

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ