Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 10 Aug 2011 13:47:17 +0200
From: Luka Marčetić <paxcoder@...il.com>
To: musl@...ts.openwall.com
Subject: Re: New daily reports - nothing

On 08/10/2011 03:38 AM, Rich Felker wrote:

(Thanks for explaining mprotect first of all)

> Especially as you're nearing the deadline, I'd like to ask you to
> please listen when I make recommendations like this. Sure learning
> about mprotect is educational, but in terms of getting stuff done, if
> you'd taken my advice several days (a week now?) back about how to
> check for writes past the end of the buffer, you would have been able
> to spend your time today getting something done rather than wondering
> why mprotect wasn't doing what you wanted....
>
> Rich

The worst thing is, I already do check that: I write '\r' in the last 
byte of the buffer, and then call the function saying the buffer is 
size-1 long (so it shows if it gets overwritten). It doesn't even make 
sense to test for reading/writing beyond size+1, except to test for 
implementation lunacy. I have no idea why I did that anymore. I 
should've just removed sigset altogether. I didn't need mprotect, nor 
wrappers... :-(
P.S. Final buf.c thus won't look like the attached file. In it, 
alloc_bounded() is the broken one - a fixed version may appear somewhere 
else in the future though.

View attachment "buf.c" of type "text/x-csrc" (20093 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.