| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Jun 2024 14:44:05 -0700 From: Guenter Roeck <linux@...ck-us.net> To: Kees Cook <kees@...nel.org> Cc: Eric Biederman <ebiederm@...ssion.com>, Al Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, Alexey Dobriyan <adobriyan@...il.com>, Laurent Vivier <laurent@...ier.eu>, Lukas Bulwahn <lukas.bulwahn@...il.com>, Justin Stitt <justinstitt@...gle.com>, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-mm@...ck.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH v2 0/2] exec: Avoid pathological argc, envc, and bprm->p values On 6/21/24 13:50, Kees Cook wrote: > Hi, > > This pair of patches replaces the last patch in this[1] series. > > Perform bprm argument overflow checking but only do argmin checks for MMU > systems. To avoid tripping over this again, argmin is explicitly defined > only for CONFIG_MMU. Thank you to Guenter Roeck for finding this issue > (again)! > That does make me wonder: Is anyone but me testing, much less running, the nommu code in the kernel ? mps2-an385 trips over the same problem, and xtensa:nommu_kc705_defconfig doesn't even build in linux-next right now (spoiler alert: I suspect that the problem is caused by "kunit: test: Add vm_mmap() allocation resource manager", but I did not have time to bisect it). I am kind of tired keeping those tests alive, and I would not exactly shed tears if nommu support would just be dropped entirely. Guenter
Powered by blists - more mailing lists