lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20080213082943.26d24d10.rdunlap@xenotime.net>
Date:	Wed, 13 Feb 2008 08:29:43 -0800
From:	Randy Dunlap <rdunlap@...otime.net>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	pageexec@...email.hu, Sam Ravnborg <sam@...nborg.org>,
	Arjan van de Ven <arjan@...radead.org>,
	linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org
Subject: Re: vmsplice exploits, stack protector and Makefiles

On Wed, 13 Feb 2008 16:29:00 +0100 Ingo Molnar wrote:

> 
> * pageexec@...email.hu <pageexec@...email.hu> wrote:
> 
> > patches to get CONFIG_CC_STACKPROTECTOR_ALL actually to work (it 
> > includes the Makefile patch proposed in this thread already).
> > 
> > note that the fix to ACPI is an actual stack corruption bug (caught by 
> > ssp thanks to a lucky stack layout), due to the misuse of the pci 
> > accessor functions, probably a whole-tree audit is in order for 
> > similar bugs.
> > 
> > note also that the vsyscall functions (more precisely, all the code 
> > that goes into .vsyscall* sections) had better be separated into their 
> > own .c files so that they can be compiled without -mcmodel=kernel and 
> > use %fs for getting the ssp cookie, if ssp is desired at all there).
> 
> thanks, i've picked up your patch into x86.git#mm and also made 
> stackprotector-all default-enabled so that we get more test coverage of 
> this critical security feature. x86.git#mm can be picked up via:
> 
>   http://people.redhat.com/mingo/x86.git/README
> 
> head of the tree:
> 
>   ---------------->
>   commit e1d96d3e489d02b12984fb3c755b0f9a9ae0fe5f
>   Author: Ingo Molnar <mingo@...e.hu>
>   Date:   Wed Feb 13 16:15:34 2008 +0100
> 
>       x86: enable stack-protector by default
> 
>       also enable the rodata and nx tests.
>   <----------------
> 
> your patch booted fine here with stackprotector-all enabled.

Is it signed-off-by: pageexec ?

Couldn't that be a problem?

---
~Randy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ