Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Feb 2017 00:15:10 +0100
From: Rasmus Villemoes <>
To: Kees Cook <>
Cc: Laura Abbott <>,  "kernel-hardening\" <>
Subject: Re: Format string gcc-plugin?

On Tue, Feb 14 2017, Kees Cook <> wrote:

> On Tue, Feb 14, 2017 at 10:01 AM, Laura Abbott <> wrote:
>> Hi,
>> The recent discussions about %pk led me to start playing around
>> with writing a gcc plugin (notes about writing a gcc plugin are
>> forthcoming). My idea was to expand checking of the kernel's additional
>> formats (%pK, %pR etc.) or possibly even change the format
>> strings. The big issue is that most of vsprintf.c would end up
>> in the plugin which would be ugly to maintain. This concept could
>> be used for some of the problems with kernel pointer leaks
>> but I'm interested if anyone else has thoughts or ideas about
>> how better to do this (or even not to do this).
> If we can leverage common code between the plugin and vsprintf.c, it
> should be doable. I haven't looked at processing format strings at
> all, though I assume the plugin would need to check the
> __printf-generated attributes.

smatch already does type checking of the kernel's %p extensions, plus
some additional sanity checks (e.g. passing a signed char to %02x,
duplicate KERN_* or KERN_* prefixes not at the beginning, 0x%d,
etc.). Maybe Dan Carpenter is the only one actually running it
periodically. I never managed to get sparse to grok the printf
attribute, so it uses a hardcoded list of printf-like functions. It
would be nice to do these checks in a gcc plugin to get wider coverage
and piggyback on the actual printf attributes, and it would probably be
easier to keep up with the endless stream of new %pX stuff that way.


Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.