Date: Thu, 4 May 2017 10:51:43 -0400
From: Daniel Micay <danielmicay@...il.com>
To: Kees Cook <keescook@...omium.org>, kernel-hardening@...ts.openwall.com
Cc: Daniel Micay <danielmicay@...il.com>
Subject: Re: [PATCH] add the option of fortified string.h functions

There are temporary workarounds for the overflows this found in
https://github.com/thestinger/linux-hardened/commits/4.11, but not
real fixes yet. There are some mostly harmless misuses of memcpy
instead of strncpy and memcmp instead of strncmp where the source is a
string constant. The arm64 vdso code uses memcmp with the address of
'char vdso_start' so perhaps that can become 'char
vdso_start[PAGE_SIZE]' instead. One of the issues looks a bit more
concerning.

I haven't found any issues at runtime but that doesn't mean much since
none of the compile-time issues were in code that's used on my
desktop. This has been used on a 3.18 LTS arm64 kernel targeting the
Pixel / Pixel XL on CopperheadOS for a while and found a real runtime
stack buffer write overflow there in an out-of-tree driver. I'm
somewhat surprised by the fact that there are real buffer overflows
lying around that are this easily found without any fuzzing, etc.
rather than this feature only providing a fair bit of runtime coverage
to mitigate bugs that require edge cases.
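The two misuse patterns the message describes, memcmp on a lone `char vdso_start` and memcmp against a string constant shorter than the length argument, modelled as a fortified memcmp built on `__builtin_object_size`. This is a constructed C example added here, not code from the patch, linux-hardened or the kernel; `checked_memcmp`, `fortified_memcmp`, `vdso_start_single`, `vdso_start_array` and `fortify_status` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of a fortified memcmp, not the kernel's code.
 * __builtin_object_size() gives the bytes the compiler knows remain in the
 * object behind a pointer ((size_t)-1 if unknown); comparing more than that
 * would read past the object, so the call is reported instead of performed. */
enum fortify_status { FORTIFY_OK = 0, FORTIFY_READ_OVERFLOW = 1 };
static inline int checked_memcmp(const void *p, const void *q, size_t n,
                                 size_t p_size, size_t q_size,
                                 enum fortify_status *status)
{
    if (p_size < n || q_size < n) {   /* (size_t)-1 never trips this */
        *status = FORTIFY_READ_OVERFLOW;
        return 0;                     /* the kernel would warn or panic */
    }
    *status = FORTIFY_OK;
    return memcmp(p, q, n);
}

/* Sizes are taken at the call site, where the compiler can see the objects. */
#define fortified_memcmp(p, q, n, status) checked_memcmp((p), (q), (n), \
    __builtin_object_size((p), 0), __builtin_object_size((q), 0), (status))
char vdso_start_single;        /* lone 'char vdso_start': a 1-byte object */
char vdso_start_array[4096];   /* 'char vdso_start[PAGE_SIZE]' form */

/* Check the ELF magic through each marker form; only the array form is
 * large enough for a 4-byte read. */
enum fortify_status compare_via_single(void)
{
    enum fortify_status st;
    fortified_memcmp(&vdso_start_single, "\177ELF", 4, &st);
    return st;
}

enum fortify_status compare_via_array(void)
{
    enum fortify_status st;
    fortified_memcmp(vdso_start_array, "\177ELF", 4, &st);
    return st;
}
/* memcmp where strncmp was meant: comparing sizeof(header) bytes reads past
 * the 6-byte string constant "magic" even though header itself is large. */
enum fortify_status compare_literal_with_buffer_length(void)
{
    char header[16] = "magic";    /* constructed input */
    enum fortify_status st;
    fortified_memcmp(header, "magic", sizeof(header), &st);
    return st;
}
```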
