| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTikkeQNzTMs_AifJFFU3oEKAmMBaCO9PCRWLRTSo@mail.gmail.com> Date: Thu, 2 Dec 2010 18:10:05 +0800 From: Changli Gao <xiaosuo@...il.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: David Miller <davem@...emloft.net>, hagen@...u.net, wirelesser@...il.com, netdev@...r.kernel.org, Dan Rosenberg <drosenberg@...curity.com> Subject: Re: [PATCH net-next-2.6] filter: add a security check at install time On Thu, Dec 2, 2010 at 5:54 PM, Eric Dumazet <eric.dumazet@...il.com> wrote: > Le jeudi 02 décembre 2010 à 17:10 +0800, Changli Gao a écrit : >> >> Oops. We were wrong. The RAM of BPF machine is initialized to 0. So >> loading from a cell, in which no value is stored before, is valid. So >> we can't prevent the following instructions. >> > > It was not 'initialized to 0', thats the point of previous patches. > I checked the implementation of bpf in FreeBSD, and found RAM isn't initialized to 0. Then it could not be a common 'feature', and no application relies on it. Maybe we can drop this 'feature' added by accident, and break the 'ABI'. Now, I agree with you totally. Thank for your explaining.. Acked-by: Changli Gao <xiaosuo@...il.com> > > (By the way, I believe FreeBSD has the security problem Dan reported to us) Yes. it doesn't do this check. -- Regards, Changli Gao(xiaosuo@...il.com) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists