| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFf+5zib-hqPhUjG3_9=Nxv+CovdNFV=Wc3mcFN1ovnmXH2mgg@mail.gmail.com> Date: Tue, 13 Jan 2026 17:33:06 +0530 From: Amit <amitchoudhary0523@...il.com> To: linux-kernel@...r.kernel.org Subject: Re: Catching use-after-free easily in linux kernel. On Tue, 11 Mar 2025 at 06:05, Al Viro <viro@...iv.linux.org.uk> wrote: > > On Mon, Mar 10, 2025 at 01:24:54PM +0530, Amit wrote: > > Hi, > > > > We can catch use-after-free easily if we do the following: > > > > kfree(x); > > (x) = NULL; > > > > Now, if someone uses 'x' again then the kernel will crash and we will know where > > the use-after-free is happening and then we can fix it. > > That assumes that no pointer is ever stored in more than one place. > Which is very clearly false. In general, I don't think that in linux kernel ""lots of dynamic pointers"" are being cached/saved/duplicated in global structures - I haven't gone through all the kernel code but I can't think of logical scenarios where ""lots of dynamic pointers"" will be cached/saved/duplicated in global structures. By dynamic pointers, I mean pointers to transient memory/data that can come and go (not like pointers to pre-allocated inodes of filesystems like ext4, etc.). And, obviously, local caching/saving/duplication (caching/saving/duplication in a function) doesn't matter. So, the above code should be very effective. Also, something is better than nothing. ----
Powered by blists - more mailing lists