Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Aug 2016 20:37:26 -0700
From: Kees Cook <keescook@...omium.org>
To: Henrique de Moraes Holschuh <hmh@....eng.br>
Cc: "Paul E . McKenney" <paulmck@...ux.vnet.ibm.com>, Laura Abbott <labbott@...hat.com>, 
	Steven Rostedt <rostedt@...dmis.org>, Stephen Boyd <sboyd@...eaurora.org>, 
	Daniel Micay <danielmicay@...il.com>, Joe Perches <joe@...ches.com>, Arnd Bergmann <arnd@...db.de>, 
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Josh Triplett <josh@...htriplett.org>, 
	Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, Lai Jiangshan <jiangshanlai@...il.com>, 
	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>, 
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Michael Ellerman <mpe@...erman.id.au>, 
	Dan Williams <dan.j.williams@...el.com>, Andrew Morton <akpm@...ux-foundation.org>, 
	Ingo Molnar <mingo@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Josef Bacik <jbacik@...com>, 
	Andrey Ryabinin <aryabinin@...tuozzo.com>, Tejun Heo <tj@...nel.org>, 
	Nikolay Aleksandrov <nikolay@...ulusnetworks.com>, Dmitry Vyukov <dvyukov@...gle.com>, 
	LKML <linux-kernel@...r.kernel.org>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH v2 0/5] bug: Provide toggle for BUG on data corruption

On Tue, Aug 16, 2016 at 5:55 PM, Henrique de Moraes Holschuh
<hmh@....eng.br> wrote:
> On Tue, 16 Aug 2016, Kees Cook wrote:
>> This adds a CONFIG to trigger BUG()s when the kernel encounters
>> unexpected data structure integrity as currently detected with
>> CONFIG_DEBUG_LIST.
>>
>> Specifically list operations have been a target for widening flaws to gain
>> "write anywhere" primitives for attackers, so this also consolidates the
>> debug checking to avoid code and check duplication (e.g. RCU list debug
>> was missing a check that got added to regular list debug). It also stops
>> manipulations when corruption is detected, since worsening the corruption
>> makes no sense. (Really, everyone should build with CONFIG_DEBUG_LIST
>> since the checks are so inexpensive.)
>
> Well, maybe it wants a name that it looks like something that should be
> enabled by default on production kernels?
>
> I.e. CONFIG_DETECT_LIST_CORRUPTION or somesuch?

Yeah, that very well be true. I'd currently like to avoid CONFIG name
churn, but I've added it to my list of CONFIGs to rename (along with
CONFIG_DEBUG_RODATA). :)

-Kees

-- 
Kees Cook
Nexus Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.