lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190830073154.GO1119@dread.disaster.area>
Date:   Fri, 30 Aug 2019 17:31:54 +1000
From:   Dave Chinner <david@...morbit.com>
To:     Austin Kim <austindh.kim@...il.com>
Cc:     darrick.wong@...cle.com, linux-xfs@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] xfs: Initialize label array properly

On Fri, Aug 30, 2019 at 02:37:07PM +0900, Austin Kim wrote:
> In case kernel stack variable is not initialized properly,
> there is a risk of kernel information disclosure.
> 
> So, initialize 'char label[]' array with null characters.

Can you describe the information disclosure vector here? I can't see
any, mostly because this is the "set label" function and that
doesn't return anything to userspace.

We also zero the on-disk label before we copy the user label into
it, so I don't see that anything can leak onto disk, either...

Cheers,

Dave.
-- 
Dave Chinner
david@...morbit.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ