linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* VLAs and security
@ 2018-09-02  8:08 Uecker, Martin
  2018-09-02 17:40 ` Kees Cook
  0 siblings, 1 reply; 8+ messages in thread
From: Uecker, Martin @ 2018-09-02  8:08 UTC (permalink / raw)
  To: linux-kernel; +Cc: keescook, torvalds


I do not agree that VLAs are generally bad for security.
I think the opposite is true. A VLA with the right size
allows the compiler to automatically perform or insert
meaningful bounds checks, while a fixed upper bound does not.


For example:

char buf[N];
buf[n] = 1;

Here, a compiler / analysis tool can for  n < N  using
static analysis or insert a run-time check.

Replacing this with

char buf[MAX_SIZE]

hides the information about the true upper bound
from automatic tools.

Limiting the stack usage can also be achieved in
the following way:

assert(N <= MAX_SIZE)
char buf[N];


Of course, having predictable stack usage might be more 
important in the kernel and might be a good argument
to still prefer the constant bound.

But loosing the tighter bounds is clearly a disadvantage
with respect to security that one should keep it mind.


Best,
Martin




^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2018-09-05  7:35 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-09-02  8:08 VLAs and security Uecker, Martin
2018-09-02 17:40 ` Kees Cook
2018-09-03  7:39   ` Uecker, Martin
2018-09-03 21:28     ` Linus Torvalds
2018-09-04  6:27       ` Uecker, Martin
2018-09-04  8:00         ` Dmitry Vyukov
2018-09-04 18:22           ` Uecker, Martin
2018-09-05  7:35             ` Dmitry Vyukov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).