Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Jan 2017 11:06:08 -0800
From: Kees Cook <>
To: PaX Team <>
Cc: "AKASHI, Takahiro" <>, Mark Rutland <>, 
	park jinbum <>, 
	"" <>
Subject: Re: Introduction

On Fri, Jan 13, 2017 at 10:51 AM, PaX Team <> wrote:
> On 13 Jan 2017 at 9:54, Kees Cook wrote:
>> PaX Team, the heuristic for STRUCTLEAK appears to be "does the struct
>> contain anything marked __user". Is this actually a meaningful
>> information exposure case? It seems like there are a lot more cases
>> for exposures where there is nothing marked __user. Is that the
>> meaning of "much smaller coverage" compared to STACKLEAK in the
>> Kconfig?
> STRUCTLEAK was written in response to a particular bug a few years ago
> where we didn't want to give the bug away but still wanted to fix it
> during the embargo. the struct in question could be matched by this
> heuristics, matching everything else (however little of it) is really
> just a free side effect. could coverage be improved? of course but that
> would take a whole lot more work (manual markups and/or data flow analysis
> in LTO mode).

Out of curiosity, do you remember which bug? I'd be curious to compare
it against others. It seems like adding structleak to upstream still
has value, even if the coverage isn't as complete as stackleak.

I wanted to do some simple performance checks with it too. I imagine
it wouldn't have much impact given its coverage isn't very wide.


Kees Cook
Nexus Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.