| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4A2223FE.3000309@cs.helsinki.fi> Date: Sun, 31 May 2009 09:30:22 +0300 From: Pekka Enberg <penberg@...helsinki.fi> To: "Larry H." <research@...reption.com> CC: Alan Cox <alan@...rguk.ukuu.org.uk>, Rik van Riel <riel@...hat.com>, Ingo Molnar <mingo@...e.hu>, linux-kernel@...r.kernel.org, Linus Torvalds <torvalds@...l.org>, linux-mm@...ck.org, Ingo Molnar <mingo@...hat.com>, pageexec@...email.hu, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [patch 0/5] Support for sanitization flag in low-level page allocator Larry H. wrote: > OK, I'm going to squeeze some time and provide patches that perform the > same my original page bit ones did, but using kzfree. Behold code like > in the tty buffer management, which uses the page allocator directly for > allocations greater than PAGE_SIZE in length. That needs special > treatment, and is exactly the reason I've proposed unconditional > sanitization since the original patches were rejected. You might want to also do the patch Alan suggested for the security conscious people. That is, do a memset() in every page free and wrap that under CONFIG_SECURITY_PARANOIA or something. There's no reason the kzfree() patches and that can't co-exist. Pekka -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists