From: Mark Rutland <email@example.com> To: PaX Team <firstname.lastname@example.org> Cc: email@example.com, Kees Cook <firstname.lastname@example.org>, Emese Revfy <email@example.com>, "AKASHI, Takahiro" <firstname.lastname@example.org>, park jinbum <email@example.com>, Daniel Micay <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org Subject: Re: [PATCH] gcc-plugins: Add structleak for more stack initialization Date: Wed, 18 Jan 2017 10:48:58 +0000 [thread overview] Message-ID: <20170118104857.GA3231@leverpostej> (raw) In-Reply-To: <587E686E.29386.DA7FA27@pageexec.freemail.hu> On Tue, Jan 17, 2017 at 07:54:38PM +0100, PaX Team wrote: > On 17 Jan 2017 at 17:48, Mark Rutland wrote: > > That being the case, (and given the relevant bug has now been fixed), > > it's not clear to me what the value of this is today. i.e. given the > > general case, is this preventing many leaks? > > no idea, i stopped looking at the instrumentation log long ago, but everyone > can enable the debug output (has a very specific comment on it ;) and look at > the results. i keep this plugin around because it costs nothing to maintain > it and the alternative (better) solution doesn't exist yet. Fair enough; understood. > > > i never went into that direction because i think the security goal can > > > be achieved without the performance impact of forced initialization. > > > > Was there a particular technique you had in mind? > > sure, i mentioned it in my SSTIC'12 keynote (page 36): > https://pax.grsecurity.net/docs/PaXTeam-SSTIC12-keynote-20-years-of-PaX.pdf Thanks for the pointer. I'm probably being very naive here, but IIUC the per-task usercopy stack would require roughly the same analysis to identify relevant variables, unless all local variables (regardless of initialisation) that fed into a usercopy would be on the usercopy stack? Regardless, I can see the benefit of cleanly separating that data from the rest of the kernel data. Thanks, Mark.
next prev parent reply other threads:[~2017-01-18 11:31 UTC|newest] Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-01-13 22:02 Kees Cook 2017-01-14 10:03 ` PaX Team 2017-01-16 15:24 ` Mark Rutland 2017-01-16 19:08 ` Daniel Micay 2017-01-16 19:30 ` PaX Team 2017-01-17 17:48 ` Mark Rutland 2017-01-17 18:54 ` PaX Team 2017-01-18 10:48 ` Mark Rutland [this message] 2017-01-17 17:48 ` Kees Cook 2017-01-16 11:54 ` Mark Rutland 2017-01-16 12:26 ` [kernel-hardening] " Mark Rutland 2017-01-16 19:22 ` PaX Team 2017-01-17 10:42 ` Dave P Martin [not found] ` <587E4FDD.31940.D47F642@pageexec.freemail.hu> 2017-01-17 18:07 ` Dave P Martin 2017-01-17 19:25 ` PaX Team 2017-01-17 22:04 ` Dave P Martin 2017-01-17 17:56 ` Kees Cook
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20170118104857.GA3231@leverpostej \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --subject='Re: [PATCH] gcc-plugins: Add structleak for more stack initialization' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).