lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <161411199784.11959.16534412799839825563@localhost.localdomain>
Date:   Tue, 23 Feb 2021 15:26:37 -0500
From:   Ian Denhardt <ian@...hack.net>
To:     ast@...nel.org, daniel@...earbox.net, bpf@...r.kernel.org,
        netdev@...r.kernel.org
Subject: More strict error checking in bpf_asm?

Hi,

I'm using the `bpf_asm` tool to do some syscall filtering, and found out
the hard way that its error checking isn't very strict. In particular,
it issues a warning (not an error) when a jump offset overflows the
instruction's field. It really seems like this *ought* to be a hard
error, but I see from the commit message in
7e22077d0c73a68ff3fd8b3d2f6564fcbcf8cb23 that this was left as a warning
due to backwards compatibility concerns.

I'm skeptical of this trade-off, but would people at least be open to
adding a -Werror flag or the like, if changing it to a hard error
unconditionally is off the table?

Relatedly, while looking through the code I noticed there are several
places where an error occurs that does cause to tool to exit without
generating code, but it exits with 0 (success) status code. It seems
like this ought to report a failure to the caller?

-Ian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ