Date: Thu, 27 Aug 2020 15:26:11 -0700
From: Kees Cook <keescook@...omium.org>
To: Andy Shevchenko <andy.shevchenko@...il.com>
Cc: Masahiro Yamada <masahiroy@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Joe Perches <joe@...ches.com>, clang-built-linux <clang-built-linux@...glegroups.com>, stable <stable@...r.kernel.org>, Andy Lavr <andy.lavr@...il.com>, Arvind Sankar <nivedita@...m.mit.edu>, Rasmus Villemoes <linux@...musvillemoes.dk>, Sami Tolvanen <samitolvanen@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Andy Shevchenko <andriy.shevchenko@...ux.intel.com>, Alexandru Ardelean <alexandru.ardelean@...log.com>, Yury Norov <yury.norov@...il.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3] lib/string.c: implement stpcpy

On Thu, Aug 27, 2020 at 11:05:42PM +0300, Andy Shevchenko wrote:
> In general it's better to have a robust API, but what may go wrong
> with the interface where we have no length of the buffer passed, but
> we all know that it's PAGE_SIZE?
> So, what's wrong with doing something like
> strcpy(buf, "Yes, we know we won't overflow here\n");

(There's a whole thread[1] about this right now, actually.)

The problem isn't the uses where it's safe (obviously), it's about the
uses where it is NOT safe. (Or _looks_ safe but isn't.)

In order to eliminate bug classes, we need to remove the APIs that are
foot-guns. Even if one developer never gets it wrong, others might.

[1] https://lore.kernel.org/lkml/c256eba42a564c01a8e470320475d46f@AcuMS.aculab.com/T/#mac95487d7ae427de03251b49b75dd4de40c2462d

--
Kees Cook
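Added example, not part of the original message and not kernel code: a userspace model of the "we all know the buffer is PAGE_SIZE" convention, where a hypothetical helper `page_emit()` carries the bound itself so the safe-looking call and the data-dependent call go through the same check. The 4096-byte page size, `page_emit()`, the `show_*`/`demo_*` names and the inputs are all assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#ifndef PAGE_SIZE
#define PAGE_SIZE 4096   /* assumed page size for this userspace model */
#endif

/* Hypothetical helper: buf is promised to be PAGE_SIZE bytes.
 * Returns the number of bytes written (excluding the NUL), or -1 if the
 * formatted output would not fit; on failure buf holds an empty string. */
static int page_emit(char *buf, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, PAGE_SIZE, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= (size_t)PAGE_SIZE) {
        buf[0] = '\0';
        return -1;
    }
    return n;
}

/* The case from the quoted mail: a short literal that cannot overflow. */
static int show_literal(char *buf)
{
    return page_emit(buf, "%s", "Yes, we know we won't overflow here\n");
}

/* Same shape at the call site, but the length now depends on data. */
static int show_label(char *buf, const char *label)
{
    return page_emit(buf, "label=%s\n", label);
}

/* Constructed inputs: a literal, a short label, and a label longer than a page. */
static int demo_literal(void) { char page[PAGE_SIZE]; return show_literal(page); }
static int demo_short(void)   { char page[PAGE_SIZE]; return show_label(page, "eth0"); }
static int demo_long(void)
{
    char page[PAGE_SIZE];
    static char label[2 * PAGE_SIZE];

    memset(label, 'A', sizeof(label) - 1);
    label[sizeof(label) - 1] = '\0';
    return show_label(page, label);   /* rejected by the helper, not overflowed */
}

int main(void)
{
    printf("literal=%d short=%d long=%d\n", demo_literal(), demo_short(), demo_long());
    return 0;
}
```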