lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 21 Nov 2016 17:58:53 +0100
From:   Cyril Hrubis <chrubis@...e.cz>
To:     Dmitry Vyukov <dvyukov@...gle.com>
Cc:     syzkaller <syzkaller@...glegroups.com>,
        Linux API <linux-api@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Michael Kerrisk-manpages <mtk.manpages@...il.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Sasha Levin <levinsasha928@...il.com>,
        Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
        scientist@...com, Arnd Bergmann <arnd@...db.de>,
        Carlos O'Donell <carlos@...hat.com>,
        Kostya Serebryany <kcc@...gle.com>,
        Mike Frysinger <vapier@...gle.com>,
        Dave Jones <davej@...emonkey.org.uk>,
        Tavis Ormandy <taviso@...gle.com>
Subject: Re: Formal description of system call interface

Hi!
> > Looking ahead into the future, I was also thinking that if this becomes
> > robust, we could also start an integration specification, that could
> > describe how different system calls interact with each other. Like
> > open() to read(), write() and close().
> >
> > But this is just an idea that popped in my head while reading this
> > thread. We want to start small first, but still could keep this in the
> > back of our minds for future enhancements.
> 
> 
> FWIW syzkaller does something along these lines.
> It has notion of 'resources' and of input/output arguments.
> Then it can figure out that e.g. open creates fd's, so it should be called
> before any reads/writes (provided that we want to pass in valid fd's).
> It does not have notion of "destructors" for resources (e.g. close
> destroys the passed in resource). But it should be easy to describe.

Logical extension would be to teach it that creat(), for instance,
returns file descriptor and creates a file as a side effect. That file
then could be used for a stat() or unlink() concurently, etc. But we
should also consider that not all file descriptors or files are equal,
so we may end up with some classes of files and file descriptors
some of them suitable for different subsets of operations.

I think that defining classes of objects and defining how syscalls
transform their state may yield something usable. But that would require
some serious thinking and a few trial and error implementations.

-- 
Cyril Hrubis
chrubis@...e.cz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ