| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAK5ve-KLmETc1Ym1xvwTuvG7f5O1w6s=u3fgdGcYT8GHCWT+VA@mail.gmail.com> Date: Fri, 27 Mar 2015 10:24:53 -0700 From: Bryan Wu <cooloney@...il.com> To: Ricardo Ribalda Delgado <ricardo.ribalda@...il.com>, Wu Fengguang <fengguang.wu@...el.com> Cc: Sakari Ailus <sakari.ailus@....fi>, Richard Purdie <rpurdie@...ys.net>, Linux LED Subsystem <linux-leds@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Christopher Li <sparse@...isli.org> Subject: Re: [PATCH v3] led/led-class: Handle LEDs with the same name On Fri, Mar 27, 2015 at 1:09 AM, Ricardo Ribalda Delgado <ricardo.ribalda@...il.com> wrote: > Hi Sakari > > cc: adding Greg (core and FormatGuard) and Chistopher (sparse) >> >> I just realised there was another issue --- the name is now interpreted as >> format string. Bad things will happen if there's e.g. %s in the name itself >> --- perhaps unlikely, but possible. > > Good catch! > > Would it be possible to add a sparse check to avoid this in all the kernel? > > And what about a macro protection like FormatGuard? > > https://www.usenix.org/legacy/events/sec01/full_papers/cowanbarringer/cowanbarringer.pdf > > I think Fengguang's 0-DAY kernel test infrastructure can help this. -Bryan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists