| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Jun 2017 12:25:39 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
Amey Telawane <ameyt@...eaurora.org>,
Amit Pundir <amit.pundir@...aro.org>
Subject: Re: [PATCH 4.11 145/150] tracing: Use strlcpy() instead of strcpy()
in __trace_find_cmdline()
On Mon, 12 Jun 2017 18:05:00 +0200
Greg Kroah-Hartman <gregkh@...uxfoundation.org> wrote:
> > Link: http://lkml.kernel.org/r/1493806274-13936-1-git-send-email-amit.pundir@linaro.org
> Hm, Amit asked me to merge all of these for some reason. I guess people
> see the "oh, look, strcpy is bad!" and jump to wrong conclusions.
I said the same thing when accepting it. From the thread that is
referenced by the Link tag:
https://marc.info/?l=linux-kernel&m=149382004318095&w=2
"Note, I don't see anyway to trigger a bug. To me this looks simply like
someone saw "strcpy" and said to themselves "oh this is a bug", when
actuality it is not. I don't mind the extra security added, but I don't
think this even needs to go to stable. The reason is that the comm used
within the kernel is always created by the kernel, and always has a
terminating nul character. There's other places in the kernel that will
bug if that is not true."
-- Steve
>
> {sigh}
>
> Amit, can I drop these and you will not get upset?
>
> thanks,
>
> greg k-h
Powered by blists - more mailing lists