lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAFf+5zgTgX6kfoaxJk_BtKOkFHGisxatayxMN4XcM_wRJw9Bnw@mail.gmail.com>
Date: Tue, 11 Mar 2025 08:59:02 +0530
From: Amit <amitchoudhary0523@...il.com>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: linux-kernel@...r.kernel.org
Subject: Re: Catching use-after-free easily in linux kernel.

On Tue, 11 Mar 2025 at 06:05, Al Viro <viro@...iv.linux.org.uk> wrote:
>
> On Mon, Mar 10, 2025 at 01:24:54PM +0530, Amit wrote:
> > Hi,
> >
> > We can catch use-after-free easily if we do the following:
> >
> > kfree(x);
> > (x) = NULL;
> >
> > Now, if someone uses 'x' again then the kernel will crash and we will know where
> > the use-after-free is happening and then we can fix it.
>
> That assumes that no pointer is ever stored in more than one place.
> Which is very clearly false.


I will do some experiments and then I will reply if I find something.

I will introduce a global macro and then change all kfree() to this
macro name using cscope probably.

Then I will compile the kernel and run the new kernel and see if some
crash is happening or not.

My computer is x86_64, so I will be able to test only this architecture.

----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ