Date: Wed, 20 Jul 2016 09:52:25 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Kees Cook'
CC: Jan Kara, Will Deacon, Christoph Lameter, Andrea Arcangeli, Russell King,
	Catalin Marinas, PaX Team, Borislav Petkov, Mathias Krause, Fenghua Yu,
	Rik van Riel, David Rientjes, Tony Luck, Andy Lutomirski, Josh Poimboeuf,
	Andrew Morton, Dmitry Vyukov, Laura Abbott, Brad Spengler, Ard Biesheuvel,
	Pekka Enberg, Daniel Micay, Casey Schaufler, Joonsoo Kim, David S. Miller
Subject: RE: [PATCH v3 00/11] mm: Hardened usercopy

From: Kees Cook
> Sent: 15 July 2016 22:44
> This is a start of the mainline port of PAX_USERCOPY[1]. 
> - if address range is in the current process stack, it must be within the
>   current stack frame (if such checking is possible) or at least entirely
>   within the current process's stack.

That description doesn't seem quite right to me.
I presume the check is:
  Within the current process's stack and not crossing the ends of the
  current stack frame.

The 'current' stack frame is likely to be that of copy_to/from_user().
Even if you use the stack of the caller, any problematic buffers
are likely to have been passed in from a calling function.
So unless you are going to walk the stack (good luck on that)
I'm not sure checking the stack frames is worth it.

I'd also guess that a lot of copies are from the middle of structures
so cannot fail the tests you are adding.
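The stack-range condition as the reply above presumes it ("within the current process's stack and not crossing the ends of the current stack frame"), written out as an added illustration; this is not code from the patch series or the kernel, and it assumes the caller already knows the stack bounds and (optionally) the frame bounds, which is exactly the part the reply says would require walking the stack.

```c
/* Added illustration of the presumed check, not the kernel's code.
 * Ranges are half-open: stack [stack_lo, stack_hi), frame [frame_lo, frame_hi),
 * object [ptr, ptr + len). Pass frame_lo == frame_hi when the frame is unknown. */
#include <stdint.h>
#include <stddef.h>

enum stack_check {
    STACK_NOT_ON_STACK = 0, /* object does not start in this stack; other checks apply */
    STACK_OK           = 1, /* entirely inside the stack, no frame boundary straddled */
    STACK_BAD_CROSSES  = 2, /* starts in the stack but runs past its end (or wraps) */
    STACK_BAD_FRAME    = 3, /* straddles one end of the current frame */
};

/* A boundary b is crossed by [ptr, end) exactly when ptr < b < end. */
static int crosses(uintptr_t ptr, uintptr_t end, uintptr_t b)
{
    return ptr < b && end > b;
}

enum stack_check check_stack_object(uintptr_t ptr, size_t len,
                                    uintptr_t stack_lo, uintptr_t stack_hi,
                                    uintptr_t frame_lo, uintptr_t frame_hi)
{
    uintptr_t end;

    /* Overflow-safe end computation: a wrapping object is never valid. */
    if (len > UINTPTR_MAX - ptr)
        return STACK_BAD_CROSSES;
    end = ptr + len;

    if (ptr < stack_lo || ptr >= stack_hi)
        return STACK_NOT_ON_STACK;

    /* Starts in the stack but is not entirely within it. */
    if (end > stack_hi)
        return STACK_BAD_CROSSES;

    /* Frame check only when a frame is known. Objects that lie wholly in a
     * caller's frame pass, which is the case the reply expects to be common. */
    if (frame_lo != frame_hi &&
        (crosses(ptr, end, frame_lo) || crosses(ptr, end, frame_hi)))
        return STACK_BAD_FRAME;

    return STACK_OK;
}
```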

