| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20141119.153136.867017618826698045.davem@davemloft.net> Date: Wed, 19 Nov 2014 15:31:36 -0500 (EST) From: David Miller <davem@...emloft.net> To: viro@...IV.linux.org.uk Cc: torvalds@...ux-foundation.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [RFC] situation with csum_and_copy_... API From: Al Viro <viro@...IV.linux.org.uk> Date: Tue, 18 Nov 2014 21:23:07 +0000 > On Tue, Nov 18, 2014 at 12:49:13PM -0800, Linus Torvalds wrote: >> "access_ok()" isn't that expensive, and removing them as unnecessary >> is fraught with errors. We've had several cases of "oops, we used >> __get_user() in a loop, because it generates much better code, but >> we'd forgotten to do access_ok(), so now people can read kernel data". > > OK... If netdev folks can live with that for now, I've no problem with > dropping 3/5. However, I really think we need a variant of csum-and-copy > that would _not_ bother with access_ok() longer term. That can wait, though... I think because of the way Al verifies things at the top level, and how we structure access to these msg->msg_iov so strictly, these cases of access_ok() really can safely go. But that is just my opinion, and yes I do acknowledge that we've had serious holes in this area in the past. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists