| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Feb 2008 20:36:55 +0100 From: Sam Ravnborg <sam@...nborg.org> To: Arjan van de Ven <arjan@...radead.org> Cc: linux-kernel@...r.kernel.org, mingo@...e.hu, torvalds@...ux-foundation.org Subject: Re: vmsplice exploits, stack protector and Makefiles On Tue, Feb 12, 2008 at 11:08:18AM -0800, Arjan van de Ven wrote: > On Tue, 12 Feb 2008 19:50:12 +0100 > Sam Ravnborg <sam@...nborg.org> wrote: > > > > > > Now I realize that certain distros have patched gcc to compensate > > > for their lack of distro wide CFLAGS, and it's great to work around > > > that... but would there be a way to NOT disable this for > > > CONFIG_CC_STACKPROTECTOR please? It would have made this exploit > > > not possible for those kernels that enable this feature (and that > > > includes distros like Fedora) > > > > I guess the problem is that we in arch/x86/Makefile enable the > > stackprotector but then later in the main Makefile disables it. > > So the right way to approach this should be to always disable it and > > the reenable it in the arch Makefile. > > So something like this? > > > the patch works fine for me. > Linus, can we please get this merged into .25? it will at least > again limit the damage exploits like the vmsplice one can do.. > > (I think it's also worth it for -stable) I will prepare it for my next -fix round. Due in a few days. Sam -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists