Date:   Tue, 3 Mar 2020 17:15:54 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Joe Perches <joe@...ches.com>
Cc:     Alexander Potapenko <glider@...gle.com>,
        "open list:ANDROID DRIVERS" <devel@...verdev.osuosl.org>,
        Kees Cook <keescook@...omium.org>,
        Jann Horn <jannh@...gle.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Arve Hjønnevåg <arve@...roid.com>,
        Ingo Molnar <mingo@...hat.com>,
        Dmitriy Vyukov <dvyukov@...gle.com>,
        Todd Kjos <tkjos@...gle.com>
Subject: Re: [PATCH v2 2/3] binder: do not initialize locals passed to
 copy_from_user()

On Tue, Mar 03, 2020 at 05:56:51AM -0800, Joe Perches wrote:
> > The real fix is to initialize everything manually, the automated
> > initialization is a hardening feature which many people will disable.
> > So I don't think the hardening needs to be perfect, it needs to be simple
> > and fast.
> 
> Dan, perhaps I don't understand you.
> Can you clarify what you mean?

I'm basically agreeing with you.

Even though copy_from_user() might only initialize part of the struct
we should just record that it initializes the struct without getting
bogged down in details.  The annotation should be simple.

If the automated system to initialize stack variables doesn't work 100%
that's okay because it's a supplement and not a replacement for manually
initializing stack variables.

regards,
dan carpenter
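
An added illustration of the point made in this message, not code from the thread, the patch or the kernel: a user-space model of a handler whose local struct is only partly filled by the copy, with and without manual initialization. The names demo_req, mock_copy_from_user and handle_req are hypothetical, and the 0xAA fill is a constructed stand-in for stale stack contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request layout; not a real binder structure. */
struct demo_req {
    uint32_t cmd;
    uint32_t len;
    uint32_t flags;   /* trailing field that a short copy never reaches */
};

/* User-space stand-in for copy_from_user(): copies n bytes and returns the
 * number of bytes NOT copied (always 0 here, faults are not modelled). */
static unsigned long mock_copy_from_user(void *to, const void *from, unsigned long n)
{
    memcpy(to, from, n);
    return 0;
}

/* Models a handler whose local is filled by a caller-sized copy.
 * Returns the value of req.flags that later code would act on. */
uint32_t handle_req(const void *ubuf, size_t usize, int manual_init)
{
    struct demo_req req;

    memset(&req, 0xAA, sizeof(req));      /* simulate stale stack bytes */
    if (manual_init)
        memset(&req, 0, sizeof(req));     /* the manual initialization */

    if (usize > sizeof(req))
        usize = sizeof(req);              /* clamp: never overrun the local */
    if (mock_copy_from_user(&req, ubuf, usize))
        return UINT32_MAX;                /* would be -EFAULT in a kernel */

    return req.flags;
}

int main(void)
{
    /* Constructed input: the caller supplies only cmd and len (8 bytes). */
    const uint32_t short_input[2] = { 1, 16 };

    printf("no init:     flags=0x%08x\n",
           (unsigned)handle_req(short_input, sizeof(short_input), 0));
    printf("manual init: flags=0x%08x\n",
           (unsigned)handle_req(short_input, sizeof(short_input), 1));
    return 0;
}
```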
