lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANiq72mifyQZ_13ZWYi2_cdcx9G3dOSVVtywC++6s0P_6JKAGQ@mail.gmail.com>
Date: Tue, 6 Aug 2024 12:46:50 +0200
From: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
To: Kees Cook <kees@...nel.org>
Cc: Andy Shevchenko <andy@...nel.org>, Justin Stitt <justinstitt@...gle.com>, 
	Luc Van Oostenryck <luc.vanoostenryck@...il.com>, Nick Desaulniers <ndesaulniers@...gle.com>, 
	Miguel Ojeda <ojeda@...nel.org>, Marco Elver <elver@...gle.com>, 
	Nathan Chancellor <nathan@...nel.org>, Hao Luo <haoluo@...gle.com>, 
	Przemek Kitszel <przemyslaw.kitszel@...el.com>, linux-sparse@...r.kernel.org, 
	linux-hardening@...r.kernel.org, Bill Wendling <morbo@...gle.com>, 
	Mark Rutland <mark.rutland@....com>, Jakub Kicinski <kuba@...nel.org>, 
	Alexander Lobakin <aleksander.lobakin@...el.com>, Tony Ambardar <tony.ambardar@...il.com>, 
	Petr Pavlu <petr.pavlu@...e.com>, linux-kernel@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH] string: Check for "nonstring" attribute on strscpy() arguments

On Mon, Aug 5, 2024 at 11:43 PM Kees Cook <kees@...nel.org> wrote:
>
> +/* Determine if an attribute has been applied to a variable. */
> +#if __has_builtin(__builtin_has_attribute)
> +#define __annotated(var, attr) __builtin_has_attribute(var, attr)
> +#else
> +#define __annotated(var, attr) (false)
> +#endif

`__annotated` is obviously best-effort given this definition, and we
do similar things elsewhere, and it has a double-underscore. However,
I wonder if this being a "query" (vs. something like an attribute) may
imply that it has a greater risk of someone thinking it will always
reply with the right answer... (if e.g. they copy-paste another use).
Perhaps there is a more explicit name to let users recall that.

Anyway, it looks sensible to me: more compile-time checking seldomly
hurts (apart from complexity in these definitions :). So:

Reviewed-by: Miguel Ojeda <ojeda@...nel.org>

I also introduced a mistake on purpose and I got the expected build error, so:

Tested-by: Miguel Ojeda <ojeda@...nel.org>

Cheers,
Miguel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ