lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170627192242.GI23705@tassilo.jf.intel.com>
Date:   Tue, 27 Jun 2017 12:22:42 -0700
From:   Andi Kleen <ak@...ux.intel.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Ingo Molnar <mingo@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Thomas Hellstrom <thellstrom@...are.com>,
        Daniel Micay <danielmicay@...il.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] kref: Avoid null pointer dereference after WARN

On Tue, Jun 27, 2017 at 12:00:02PM -0700, Kees Cook wrote:
> From: Daniel Micay <danielmicay@...il.com>
> 
> The WARN_ON() checking for a NULL release pointer was (sensibly)
> removed in commit ec48c940da6c ("kref: remove WARN_ON for NULL release
> functions") since it offered no protection at all about calling a NULL
> release pointer. However, it should instead be a BUG() since continuing
> with a NULL release pointer will lead to a NULL pointer execution
> anyway. Systems with an incorrectly set mmap_min_addr and no PXN/SMEP
> protection would be left open to executing userspace memory.

There's still no evidence that actually would prevented anything
exploitable?

Who would actually set mman_min_addr incorrectly?
And of course near all modern systems have SMEP/SMAP.

Surviving minor problems is actually a feature, not a bug.
Linux was always better than other Unixes here, which
are typically far too panic happy.

If you really want it, I would rather add bug/panic_on_warn sysctl
that does this for every warning but make it default to off. 

That would actually cover more cases.

I could see panic_on_warn being moderately useful for debugging
when crash dumps are enabled.

-Andi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ