lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ff8135a6-506f-330f-89fb-f98672467b27@cs.fau.de>
Date:   Wed, 15 Mar 2023 17:51:19 +0100
From:   Luis Gerhorst <gerhorst@...fau.de>
To:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        John Fastabend <john.fastabend@...il.com>,
        Andrii Nakryiko <andrii@...nel.org>,
        Martin KaFai Lau <martin.lau@...ux.dev>,
        Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>,
        KP Singh <kpsingh@...nel.org>,
        Stanislav Fomichev <sdf@...gle.com>,
        Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
        Andrei Matei <andreimatei1@...il.com>, bpf@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: bpf: misleading spec_v1 check on variable-offset stack read?

Hello,

is there any way to introduce variable-offset (stack) pointers without 
using pointer arithmetic (BPF_ADD/SUB)? If yes, I believe this is a 
security issue because these can be used in stack writes. If not, I 
think the patch sent in reply to this mail should be applied. (I was not 
able to find any indication that the former is the case.)

Best regards,
Luis


Download attachment "smime.p7s" of type "application/pkcs7-signature" (5976 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ