| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230921182910.2fcce58b27b23f767050033c@linux-foundation.org>
Date: Thu, 21 Sep 2023 18:29:10 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Florent Revest <revest@...omium.org>
Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
catalin.marinas@....com, anshuman.khandual@....com,
joey.gouly@....com, mhocko@...e.com, keescook@...omium.org,
david@...hat.com, peterx@...hat.com, izbyshev@...ras.ru,
broonie@...nel.org, szabolcs.nagy@....com, kpsingh@...nel.org,
gthelen@...gle.com, toiwoton@...il.com, ayush.jain3@....com,
stable@...r.kernel.org
Subject: Re: [PATCH v4 4/6] mm: Make PR_MDWE_REFUSE_EXEC_GAIN an unsigned
long
On Mon, 28 Aug 2023 17:08:56 +0200 Florent Revest <revest@...omium.org> wrote:
> Defining a prctl flag as an int is a footgun because on a 64 bit machine
> and with a variadic implementation of prctl (like in musl and glibc),
> when used directly as a prctl argument, it can get casted to long with
> garbage upper bits which would result in unexpected behaviors.
>
> This patch changes the constant to an unsigned long to eliminate that
> possibilities. This does not break UAPI.
>
> Fixes: b507808ebce2 ("mm: implement memory-deny-write-execute as a prctl")
> Cc: stable@...r.kernel.org
> Signed-off-by: Florent Revest <revest@...omium.org>
> Suggested-by: Alexey Izbyshev <izbyshev@...ras.ru>
> Reviewed-by: David Hildenbrand <david@...hat.com>
> Reviewed-by: Kees Cook <keescook@...omium.org>
> Acked-by: Catalin Marinas <catalin.marinas@....com>
Why is this being offered to -stable? Does it fix any known problem?
Powered by blists - more mailing lists