| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <84fc9c000803051344q3294d02cvaf860e345b923077@mail.gmail.com> Date: Wed, 5 Mar 2008 22:44:35 +0100 From: "Richard Guenther" <richard.guenther@...il.com> To: "Joe Buck" <Joe.Buck@...opsys.com> Cc: "H. Peter Anvin" <hpa@...or.com>, "Michael Matz" <matz@...e.de>, "Jan Hubicka" <hubicka@....cz>, "Aurelien Jarno" <aurelien@...el32.net>, linux-kernel@...r.kernel.org, gcc@....gnu.org Subject: Re: RELEASE BLOCKER: Linux doesn't follow x86/x86-64 ABI wrt direction flag On Wed, Mar 5, 2008 at 10:43 PM, Joe Buck <Joe.Buck@...opsys.com> wrote: > > On Wed, Mar 05, 2008 at 01:34:14PM -0800, H. Peter Anvin wrote: > > Richard Guenther wrote: > > > > > >We didn't yet run into this issue and build openSUSE with 4.3 since more > > >than > > >three month. > > > > > > > Well, how often do you take a trap inside an overlapping memmove()? > > Also, would it be possible to produce an exploit? If you can get string > instructions to work "the wrong way", you might be able to overwrite data. > > "We haven't seen a problem" isn't the right answer. Can someone > deliberately *create* a problem? > > And if we aren't sure, we should err on the side of safety. Oh, you mean releasing a kernel security update? ;) What does ICC or other compilers do? Richard. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists