| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Nov 2017 15:08:39 +0100
From: Rasmus Villemoes <linux@...musvillemoes.dk>
To: Kees Cook <keescook@...omium.org>
Cc: kernel-hardening@...ts.openwall.com,
LKML <linux-kernel@...r.kernel.org>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [RFC 0/6] some compile- and run-time format checking
On 9 November 2017 at 02:11, Kees Cook <keescook@...omium.org> wrote:
> On Wed, Nov 8, 2017 at 2:30 PM, Rasmus Villemoes
> <linux@...musvillemoes.dk> wrote:
>>
>> Rasmus Villemoes (6):
>> plugins: implement format_template attribute
>> compiler.h: add __format_template
>
> Could you split these two off and send separately? This seems like a
> fine thing to get in now.
Will do.
> Probably the second patch should be split up
> between adding __format_template, and additions of its usage.
Yeah.
> Do you have any good ways to find and extract all the dynamic format strings
> we need to mark?
IIRC, I just did a git grep for designated initializers where the RHS
was a string literal containing a % char. Not sure that counts as a
good way :)
Doing that now finds stuff like
drivers/scsi/hisi_sas/hisi_sas_v2_hw.c, where the .msg member cannot
be annotated with a single template. Maybe one can work around that by
replacing .msg with an anon union of msg_onebit/msg_multibit, with
each their own template; I don't know if that will work, or if it will
be deemed too much churn (it doesn't provide that much safety, since
it would then just rely on accessing the right union member). Maybe
the run-time checking is best for that case.
Rasmus
Powered by blists - more mailing lists