lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 23 Feb 2022 22:21:59 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Linus Torvalds' <torvalds@...ux-foundation.org>,
        Arnd Bergmann <arnd@...db.de>
CC:     Jakob <jakobkoschel@...il.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-arch <linux-arch@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Kees Cook <keescook@...omium.org>,
        Mike Rapoport <rppt@...nel.org>,
        "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        Brian Johannesmeyer <bjohannesmeyer@...il.com>,
        Cristiano Giuffrida <c.giuffrida@...nl>,
        "Bos, H.J." <h.j.bos@...nl>
Subject: RE: [RFC PATCH 03/13] usb: remove the usage of the list iterator
 after the loop

From: Linus Torvalds
> Sent: 23 February 2022 20:55
> 
> On Wed, Feb 23, 2022 at 12:43 PM Linus Torvalds
> <torvalds@...ux-foundation.org> wrote:
> >
> > Of course, the C standard being the bunch of incompetents they are,
> > they in the process apparently made left-shifts undefined (rather than
> > implementation-defined). Christ, they keep on making the same mistakes
> > over and over. What was the definition of insanity again?
> 
> Hey, some more googling on my part seems to say that somebody saw the
> light, and it's likely getting fixed in newer C standard version.
> 
> So it was just a mistake, not actual malice. Maybe we can hope that
> the tide is turning against the "undefined" crowd that used to rule
> the roost in the C standards bodies. Maybe the fundamental security
> issues with undefined behavior finally convinced people how bad it
> was?

IIRC UB includes 'fire an ICBM at the writer of the standards document'.
There isn't an 'undefined value' or even 'undefined value or program trap'
option.

It also seems to me that the compiler people are picking on things
in the standard that are there to let 'obscure machines conform'
and then using them to break perfectly reasonable programs.

Signed arithmetic is not required to wrap so that cpu (eg DSP)
can do saturating maths - not so the compiler can remove some
conditionals.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ