| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Nov 2010 12:18:40 -0800 From: Andrew Morton <akpm@...ux-foundation.org> To: Andreas Dilger <adilger.kernel@...ger.ca> Cc: wharms@....de, Américo Wang <xiyou.wangcong@...il.com>, Eric Dumazet <eric.dumazet@...il.com>, Vasiliy Kulikov <segoon@...nwall.com>, kernel-janitors@...r.kernel.org, Alexander Viro <viro@...iv.linux.org.uk>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, Jakub Jelinek <jakub@...hat.com> Subject: Re: [PATCH v2] fs: select: fix information leak to userspace On Tue, 23 Nov 2010 11:02:44 -0700 Andreas Dilger <adilger.kernel@...ger.ca> wrote: > On 2010-11-23, at 07:45, walter harms wrote: > > Maybe we can convince the gcc people to make 0 padding default. That will not solve the problems for other compilers but when they claim "works like gcc" we can press then to support this also. I can imagine that this will close some other subtle leaks also. > > It makes the most sense to tackle this at the GCC level, since the added overhead of doing memset(0) on the whole struct may be non-trivial for commonly-used and/or large structures. (My, what long lines you have!) We can't reasonably address this with gcc changes. If gcc starts doing what we want in the next release, how long will it be until that release is the *oldest* version of gcc which the kernel may be compiled with? Five years? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists