lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20090318134341.GB22636@us.ibm.com>
Date:	Wed, 18 Mar 2009 08:43:41 -0500
From:	"Serge E. Hallyn" <serue@...ibm.com>
To:	Oren Laadan <orenl@...columbia.edu>
Cc:	Dave Hansen <dave@...ux.vnet.ibm.com>, containers@...ts.osdl.org,
	Dan Smith <danms@...ibm.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3] c/r: Add CR_COPY() macro (v3)

Quoting Oren Laadan (orenl@...columbia.edu):
> 
> 
> Serge E. Hallyn wrote:
> > Quoting Dave Hansen (dave@...ux.vnet.ibm.com):
> >> On Tue, 2009-03-03 at 16:57 -0800, Dan Smith wrote:
> >>> DH> Did you convince Nathan that this ends up being a good idea?
> >>>
> >>> Technically he hasn't seen this version, but my hopes are not high
> >>> that he will change his mind.  If the feedback is that they're not
> >>> liked, I'll happily remove them.
> >> I just figure if Nathan feels that strongly that we'll encounter more
> >> people who feel even more so.  So, I was curious if he changed his mind
> >> somehow.
> > 
> > I maintain however that two strong advantages of moving the checkpoint
> > and restart of simple registers etc into a single function are:
> > 
> > 	1. we won't forget to add (or accidentally lose) one or the
> > 		other
> > 	2. any actual special handling at checkpoint or restart, like
> > 		the loading of access registers at restart on s390x,
> > 		stand out
> > 
> 
> I, too, think that this scheme is elegant, and at the same time I, too,
> think that it obfuscates the code. Since I only touch arch-dependent code
> only if I really really must, I don't have strong opinion about it ;)
> 
> However, a problem with this scheme is that checkpoint and restart
> are not fully symmetric -- on restart we must sanitize the input data
> before restoring the registers to that data. I'm not familiar with
> s390, but it is likely that by not doing so we create a security issue.
> 
> Oren.

But that's exactly why I think CR_COPY() helps - the sanitation is
explicit next to some boring CR_COPY()s.  It becomes clearer that
it is being done.

Anyway we've got plenty of other, bigger hurdles to clear, so while
I do have a strong opinion, I'm not planning on pushing hard either
way.

thanks,
-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ