| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Feb 2017 12:51:23 -0800
From: Stephen Hemminger <stephen@...workplumber.org>
To: Kees Cook <keescook@...omium.org>
Cc: Eddie Kovsky <ewk@...ovsky.org>, Jessica Yu <jeyu@...hat.com>,
Rusty Russell <rusty@...tcorp.com.au>,
KY Srinivasan <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
LKML <linux-kernel@...r.kernel.org>,
"kernel-hardening@...ts.openwall.com"
<kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH v2 1/3] module: verify address is read-only
On Tue, 21 Feb 2017 12:32:16 -0800
Kees Cook <keescook@...omium.org> wrote:
> On Mon, Feb 20, 2017 at 9:14 AM, Stephen Hemminger
> <stephen@...workplumber.org> wrote:
> > On Fri, 17 Feb 2017 21:58:42 -0800
> > "Eddie Kovsky" <ewk@...ovsky.org> wrote:
> >
> >> Implement a mechanism to check if a module's address is in
> >> the rodata or ro_after_init sections. It mimics the exsiting functions
> >> that test if an address is inside a module's text section.
> >>
> >> Signed-off-by: Eddie Kovsky <ewk@...ovsky.org>
> >
> > I don't see the point of this for many of the hyper-v functions.
> > They are only called from a small number of places, and this can be validated
> > by code inspection. Adding this seems just seems to be code bloat to me.
>
> I think it has value in that it effectively blocks any way for
> non-ro_after_init structures from being passed into these functions.
> Since there are so few callers now, it's the perfect place to add
> this.
>
> -Kees
>
Maybe for a more used API, but for such a corner case it is code bloat.
Powered by blists - more mailing lists