| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Sep 2020 21:22:19 -0700
From: Joe Perches <joe@...ches.com>
To: Kees Cook <keescook@...omium.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: "Rafael J . Wysocki" <rafael@...nel.org>,
Denis Efremov <efremov@...ux.com>,
Julia Lawall <julia.lawall@...ia.fr>,
Alex Dewar <alex.dewar90@...il.com>,
linux-kernel@...r.kernel.org, Jonathan Corbet <corbet@....net>,
linux-doc@...r.kernel.org
Subject: Re: [PATCH V3 1/8] sysfs: Add sysfs_emit and sysfs_emit_at to
format sysfs output
On Wed, 2020-09-30 at 21:17 -0700, Kees Cook wrote:
> On Wed, Sep 30, 2020 at 01:57:40PM +0200, Greg Kroah-Hartman wrote:
> > Kees, and Rafael, I don't know if you saw this proposal from Joe for
> > sysfs files, questions below:
>
> I'm a fan. I think the use of sprintf() in sysfs might have been one of
> my earliest complaints about unsafe code patterns in the kernel. ;)
[]
> > > + if (WARN(!buf || offset_in_page(buf),
> > > + "invalid sysfs_emit: buf:%p\n", buf))
The dump_stack() is also going to emit pointers
so I don't see how it does anything but help
show where the buffer was. It is hashed...
> I don't want the %p here, but otherwise, sure. I'd also make it a _ONCE
> variant:
>
> if (WARN_ONCE(!buf || offset_in_page(buf),
> "invalid sysfs_emit: offset_in_page(buf):%zd\n",
> buf ? offset_in_page(buf) : 0))
I don't think that helps as multiple defects can easily
exist. Log spam in this case isn't horrible either.
Powered by blists - more mailing lists