Message-ID: <CAFf+5ziTDC1RYyfwRMdYMxtdDmb1dk=PY4++2aM3e1M444zO8A@mail.gmail.com>
Date: Tue, 11 Mar 2025 12:18:08 +0530
From: Amit <amitchoudhary0523@...il.com>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: linux-kernel@...r.kernel.org
Subject: Re: Catching use-after-free easily in linux kernel.

On Tue, 11 Mar 2025 at 10:12, Al Viro <viro@...iv.linux.org.uk> wrote:
>
> On Tue, Mar 11, 2025 at 08:46:36AM +0530, Amit wrote:
> > On Tue, Mar 11, 2025, 6:05 AM Al Viro <viro@...iv.linux.org.uk> wrote:
> >
> > > On Mon, Mar 10, 2025 at 01:24:54PM +0530, Amit wrote:
> > > > Hi,
> > > >
> > > > We can catch use-after-free easily if we do the following:
> > > >
> > > > kfree(x);
> > > > (x) = NULL;
> > > >
> > > > Now, if someone uses 'x' again then the kernel will crash and we will know where
> > > > the use-after-free is happening and then we can fix it.
> > >
> > > That assumes that no pointer is ever stored in more than one place.
> > > Which is very clearly false.
> > >
> >
> >
> > I will do some experiments and then I will reply if I find something.
> >
> > I will introduce a global macro and then change all kfree() to this macro
> > name using cscope probably.
> >
> > Then I will compile the kernel and run the new kernel and see if some crash
> > is happening or not.
>
> What would that test, exactly?  And why would that be any more useful than
> adding global variables named wank and magic and replacing every kfree(p) with
> ((magic = wank++),kfree(p))?  That also would not introduce any crashes...

My test is quite evident from my first mail (kfree(x); x = NULL;).

Your example is nowhere related to my proposal.

So, either you didn't understand my issue properly or you thought that
I was a fool. That's ok.

You thought that I was a fool and I also think that you are a fool.

Tit for tat.

By the way, if you think that you are great because you are working in
the linux kernel then at least I don't think so.

I have also contributed a few patches to the linux kernel a long time
ago and they were mostly related to memory leaks.

Anyone who spends ""one year"" hacking the linux kernel will become a
great linux kernel programmer.

By the way, from my point of view, there's not much to do in the linux
kernel ""now"". The main part of the kernel is device drivers and
device drivers can only be written by people who have access to the
hardware and the data sheet of the hardware. And these guys are mostly
employed people in companies that release new hardware like Broadcom,
etc.

I had done a lot of hardware programming for ethernet switches at
Juniper Networks in the FreeBSD kernel.

I have worked on a few other kernels also - RT Linux, Nucleus OS,
HP-UX, and VxWorks.

If device drivers are taken out then there's not much work in the
kernel - the only things left will be filesystems and networking
subsystem and scheduling but probably there's not much to do there.

So, the real stuff in the kernel is done by people who work for
companies that develop new hardware and give the driver code to the
linux kernel.

Long time ago, I also worked on the linux kernel's wireless driver as
an employee of a company (my work was related to searching for new APs
if the signal quality falls below a certain threshold and then joining
an AP having the highest signal quality - this was not there in the
kernel at that time). However, the end client didn't give us the
permission to release the patches to the linux kernel.

I had also made modifications to the RT Linux kernel a long time ago,
basically related to scheduling and priority inversion.

Anyways, given all this, I actually don't think that people who work
in the linux kernel are great people EXCEPT LINUS TORVALDS.

Linus Torvalds is a great person and a great software engineer and he
doesn't have much ego and he doesn't throw around his ego over all
people.

----
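
Added example, not part of the original thread or of any kernel code: a userspace C sketch of the objection quoted above, that a pointer is often stored in more than one place. The static pool allocator, `FREE_AND_NULL`, `struct holder` and the helper names are hypothetical stand-ins for `kfree()` and kernel data structures.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define SLOTS 4
struct obj { int refs; char name[16]; };

/* Constructed toy allocator: static storage, so a stale pointer can still be
 * compared and looked up without touching freed heap memory. */
static struct obj pool[SLOTS];
static bool live[SLOTS];

static struct obj *toy_alloc(void)
{
    for (size_t i = 0; i < SLOTS; i++) {
        if (!live[i]) {
            live[i] = true;
            memset(&pool[i], 0, sizeof pool[i]);
            return &pool[i];
        }
    }
    return NULL;
}

static void toy_free(struct obj *p) { if (p) live[p - pool] = false; }

/* The proposal from the thread: free, then NULL the variable that was passed. */
#define FREE_AND_NULL(x) do { toy_free(x); (x) = NULL; } while (0)

/* All a NULL-dereference crash can tell us: was this copy of the pointer NULL? */
static bool null_check_catches(const struct obj *p) { return p == NULL; }

/* Ground truth from the allocator: non-NULL pointer whose slot was freed. */
static bool is_dangling(const struct obj *p) { return p && !live[p - pool]; }

struct holder { struct obj *cached; };  /* a second place the pointer lives */

/* bit0: x caught by NULL; bit1: alias caught by NULL; bit2: alias dangling */
static int demo(void)
{
    struct obj *x = toy_alloc();
    struct holder h = { .cached = x };  /* alias taken before the free */

    FREE_AND_NULL(x);                   /* only the variable x is reset */
    return (null_check_catches(x) ? 1 : 0)
         | (null_check_catches(h.cached) ? 2 : 0)
         | (is_dangling(h.cached) ? 4 : 0);
}
```

`demo()` returns 5: the freed variable is NULL, while the copy in `h.cached` is neither NULL nor valid. Catching that case requires tracking the state of the allocation itself, which is what KASAN does in the kernel.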