lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080306175841.GI17267@synopsys.com>
Date:	Thu, 6 Mar 2008 09:58:41 -0800
From:	Joe Buck <Joe.Buck@...opsys.COM>
To:	Olivier Galibert <galibert@...ox.com>,
	Paolo Bonzini <bonzini@....org>,
	"H. Peter Anvin" <hpa@...or.com>,
	Chris Lattner <clattner@...le.com>,
	Michael Matz <matz@...e.de>,
	Richard Guenther <richard.guenther@...il.com>,
	Jan Hubicka <hubicka@....cz>,
	Aurelien Jarno <aurelien@...el32.net>,
	linux-kernel@...r.kernel.org, gcc@....gnu.org
Subject: Re: RELEASE BLOCKER: Linux doesn't follow x86/x86-64 ABI wrt direction   flag

On Thu, Mar 06, 2008 at 03:12:21PM +0100, Olivier Galibert wrote:
> On Thu, Mar 06, 2008 at 03:03:15PM +0100, Paolo Bonzini wrote:
> > Olivier Galibert wrote:
> > >On Wed, Mar 05, 2008 at 05:12:07PM -0800, H. Peter Anvin wrote:
> > >>It's a kernel bug, and it needs to be fixed.
> > >
> > >I'm not convinced.  It's been that way for 15 years, it's that way in
> > >the BSD kernels, at that point it's a feature.  The bug is in the
> > >documentation, nowhere else.  And in gcc for blindly trusting the
> > >documentation.
> > 
> > No, the bug *in the kernel* was already present (if you had a signal 
> > raised during a call to memmove).  It's just more visible with GCC 4.3.
> 
> I'm curious, since when paper documentation became the Truth and
> reality became a bug?

If the kernel allows state to leak from one process to another,
for example from a process running as root to a process running as an
ordinary user, it's a bug, with possible security implications.

In this particular case not much can be communicated through a one-bit
flag, so it would only be relevant in those situations where you want
to forbid any communication channels from a given process.  So the
kernel developers might consider it a trivial bug.  Or, they could just
fix it, which I understand is the plan.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ