Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 7 Dec 2016 16:54:14 +0100
From: Nicolas Iooss <nicolas.iooss_linux@....org>
To: kernel-hardening@...ts.openwall.com
Subject: Re: Picking "Write a plugin to do format string
 warnings correctly"

On Wed, Dec 7, 2016 at 12:21 AM, Ruslan Kuprieiev <kupruser@...il.com>
wrote:

> Hi!
>
> After watching a bunch of talks from Kees about security, I've finally
> decided to
> try to participate in KSPP.
>
> If it's not taken, I would like to start with this task:
>
>      Write a plugin to do format string warnings correctly (gcc's
> -Wformat-security is bad about const strings)
>
> Unfortunately, I wasn't able to find any details about this task. Could
> someone provide some info about it, please?
>

Hello,
I do not know either what this task is about. Nevertheless I started
writing a plugin to check the %p... format strings in the kernel by
implementing a white-list of types associated to a format (eg. %pd used
with "struct dentry*", %pIS with a sockaddr pointer, etc.). This
work-in-progress plugin is available on
https://github.com/fishilico/linux-patches/blob/master/patches/plugin/Add-printk-format-checker-plugin.patch
and I have used it to find bugs like the one fixed in
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7703773ef1d85b40433902a8da20167331597e4a
.

The main reason why my plugin is still "work-in-progress / not ready for
proper submission" is that it does not support casts well. For example if p
is a void* variable, my plugin sees printk("%s", (char *)p) as using %s on
a void*. I have not yet found how I need to modify the plugin to get the
type-casting information (I may need to specify a suitable gcc pass in the
plugin).

Anyway, as this seems to be something different from "gcc's
-Wformat-security is bad about const strings", the task may be about
something else.

On a related subject, I have also written some patches in order to
automatically silent -Wformat-security warnings when using a variable as a
format string. For example some code in the kernel like to call
request_module(module_name) where module_name is a non-const variable.
Instead of "fixing" such a call with request_module("%s", module_name) I am
working on two patches which define macros to make
request_module(module_name) call a function which does not use a format
string parameter (
https://github.com/fishilico/linux-patches/blob/master/patches/maybe_upstreamable/Allow-overiding-functions-depending-on-the.patch
and
https://github.com/fishilico/linux-patches/blob/master/patches/maybe_upstreamable/Make-request_module-callable-without-a-format.patch).
Would such patches be appreciated in the kernel?

Thanks,
Nicolas

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.