| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Aug 2009 23:22:54 -0400 (EDT) From: Steven Rostedt <rostedt@...dmis.org> To: Li Zefan <lizf@...fujitsu.com> cc: Frederic Weisbecker <fweisbec@...il.com>, Ingo Molnar <mingo@...e.hu>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 3/3] tracing/filters: Support filtering for char * strings On Fri, 7 Aug 2009, Li Zefan wrote: > > > > What protection is this giving us? > > > > __field(char *) suggests it should be treated as plain pointer, > while __field_ext(char *, FILTER_PTR_STR) suggests he's aware it's > safe to dereference the pointer, for example the case in Frederic's > blk events. > > In Frederic's initial version, "char *" field will always be > attached to ptr_str filter function. This is unsafe, because for > other fields defined as "char *" but not safe to dereference, > a user still can do this: > > # echo 'name == abc' > filter > > Then we'll deref a pointer that can point to unsafe data. > > In this patch, this won't happen, as long as the developer is > aware that his use of __field_ext(char *) is right. > > Otherwise, he will just use normal __field(char *) and print > the pointer itself in TP_printk(). Ah, so the answer I'm looking for is: The filtering will not dereference "char *" unless the developer explicitly sets FILTER_PTR_STR in __field_ext. Is this above statement correct? -- Steve -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists