| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8c91e0ff-dc31-4f94-8008-33d8c3d3c8ef@email.android.com> Date: Sun, 06 May 2012 16:48:00 -0700 From: "H. Peter Anvin" <hpa@...or.com> To: David Miller <davem@...emloft.net> CC: viro@...IV.linux.org.uk, torvalds@...ux-foundation.org, linux-kernel@...r.kernel.org, ralf@...ux-mips.org Subject: Re: [PATCH] broken TASK_SIZE for ia32_aout Why not just make it illegal to make the system calls you don't care about then, to prevent any security issue? David Miller <davem@...emloft.net> wrote: >From: "H. Peter Anvin" <hpa@...or.com> >Date: Sun, 06 May 2012 13:51:30 -0700 > >> No. The input layer exports pointers in structures on the >> read/write paths, and bitmasks encoded in ASCII strings which depend >> on sizeof(long). The stupid... it burns... > >So there has to be a hack in every userland application wherein we >teach it no only about this issue, but add special code to teach it >how to make 64-bit system call traps. > >FOR EVERY CPU TYPE? > >I'd rather wait for a newer less broken input API to be added, rather >than go through the pain of having to support 64-bit system calls in >32-bit apps. > >Nobody on sparc has noticed this yet, and I doubt anyone is going to >care meanwhile. -- Sent from my mobile phone. Please excuse brevity and lack of formatting. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists