| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4F481663.5371.216F475B@pageexec.freemail.hu> Date: Fri, 24 Feb 2012 23:59:47 +0200 From: "PaX Team" <pageexec@...email.hu> To: Nick Bowler <nbowler@...iptictech.com>, Vasiliy Kulikov <segoon@...nwall.com> CC: Kees Cook <keescook@...omium.org>, Greg KH <gregkh@...uxfoundation.org>, David Windsor <dwindsor@...il.com>, Roland Dreier <roland@...estorage.com>, Djalal Harouni <tixxdz@...ndz.org>, kernel-hardening@...ts.openwall.com, Ubuntu security discussion <ubuntu-hardened@...ts.ubuntu.com>, linux-kernel@...r.kernel.org, spender@...ecurity.net Subject: Re: [kernel-hardening] Re: Add overflow protection to kref On 24 Feb 2012 at 23:13, Vasiliy Kulikov wrote: > > But in this case, the principle does not apply because we can recover. > > The reason we cannot recover from the stack protector case is because > > the stack protector is reacting after the fact, which is not the case > > here. Simply peg the reference count at the maximum value, neither > > incrementing it nor decrementing it further. > > ...and simply loose one reference, which leads to use-after-free. saturating the refcount keeps the protected object allocated, so it is a memory leak, but it is not a use-after-free. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists