Message-ID: <CAGngYiU-W6ipt0ZEPwbAY6onOjcWuvYfBRtah4dsEVi+URhE8A@mail.gmail.com>
Date:   Thu, 14 Feb 2019 12:52:09 -0500
From:   Sven Van Asbroeck <thesven73@...il.com>
To:     Julia Lawall <julia.lawall@...6.fr>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Kees Cook <keescook@...omium.org>
Subject: Re: Fwd: [RFC v1 0/3] Address potential user-after-free on module unload

Hello Julia,

On Fri, Feb 8, 2019 at 1:57 AM Julia Lawall <julia.lawall@...6.fr> wrote:
>
> > - is this important enough to ping back to authors of affected modules?
> > - should this be added to the kernel as part of 'make coccicheck' ?
> > - does this result make people "feel better" about devm_init_work() ?
>
> If the answer to the other two questions is yes, then the answer to the
> second question is yes as well.

Some maintainers seem to accept the patches created to fix the issues
flagged by this script. So maybe it's worthwhile to try and get this
into scripts/coccinelle.

Before we get started: even in a best-case scenario, the script will flag
issues which should not, or cannot be fixed. This could be because
they are false positives, or even because the author/maintainer does
not wish the issue fixed. So when the script is run, how do you 'filter out'
warnings that should be ignored? Is there anything specific I
should add to the script to accommodate this?
