| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Apr 2014 23:24:00 -0700 From: Kees Cook <keescook@...omium.org> To: Andi Kleen <ak@...ux.intel.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, LKML <linux-kernel@...r.kernel.org>, David Howells <dhowells@...hat.com>, Randy Dunlap <rdunlap@...radead.org>, Ingo Molnar <mingo@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Rik van Riel <riel@...hat.com>, Mel Gorman <mgorman@...e.de>, Li Zefan <lizefan@...wei.com>, Dave Hansen <dave@...ux.vnet.ibm.com>, Aaron Tomlin <atomlin@...hat.com>, Dario Faggioli <raistlin@...ux.it>, Andrew Shewmaker <agshew@...il.com>, Jens Axboe <axboe@...com>, Wanpeng Li <liwanp@...ux.vnet.ibm.com>, Benjamin Herrenschmidt <benh@...nel.crashing.org>, Frederic Weisbecker <fweisbec@...il.com>, Pavel Emelyanov <xemul@...allels.com>, Andrey Vagin <avagin@...nvz.org>, Michael Ellerman <michael@...erman.id.au> Subject: Re: [PATCH v2 1/4] sysctl: clean up char buffer arguments On Thu, Apr 17, 2014 at 5:28 PM, Andi Kleen <ak@...ux.intel.com> wrote: > BTW if you're worried about sysctl races you may also want to resurrect > https://lkml.org/lkml/2009/12/20/214 Yeah, this had bothered me too while reading the code. The only "good" news is that the strings are always NULL terminated and only "old" contents can ever leak. Still, it's kind of horrible that there is no locking here. :) -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists