Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 11 May 2017 13:22:34 +0200
From: Borislav Petkov <bp@...en8.de>
To: Kees Cook <keescook@...omium.org>,
	Andy Lutomirski <luto@...capital.net>
Cc: Christoph Hellwig <hch@...radead.org>,
	Andy Lutomirski <luto@...nel.org>,
	Mark Rutland <mark.rutland@....com>,
	Kernel Hardening <kernel-hardening@...ts.openwall.com>,
	Greg KH <greg@...ah.com>,
	Heiko Carstens <heiko.carstens@...ibm.com>,
	LKML <linux-kernel@...r.kernel.org>,
	David Howells <dhowells@...hat.com>,
	Dave Hansen <dave.hansen@...el.com>,
	"H . Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...nel.org>,
	Pavel Tikhomirov <ptikhomirov@...tuozzo.com>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	linux-s390 <linux-s390@...r.kernel.org>,
	the arch/x86 maintainers <x86@...nel.org>,
	Russell King <linux@...linux.org.uk>,
	Will Deacon <will.deacon@....com>,
	Christian Borntraeger <borntraeger@...ibm.com>,
	René Nyffenegger <mail@...enyffenegger.ch>,
	Catalin Marinas <catalin.marinas@....com>,
	"Paul E . McKenney" <paulmck@...ux.vnet.ibm.com>,
	Rik van Riel <riel@...hat.com>, Arnd Bergmann <arnd@...db.de>,
	Brian Gerst <brgerst@...il.com>,
	Josh Poimboeuf <jpoimboe@...hat.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>,
	Linux API <linux-api@...r.kernel.org>,
	Oleg Nesterov <oleg@...hat.com>, James Morse <james.morse@....com>,
	"Eric W . Biederman" <ebiederm@...ssion.com>,
	Martin Schwidefsky <schwidefsky@...ibm.com>,
	Paolo Bonzini <pbonzini@...hat.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Thomas Garnier <thgarnie@...gle.com>,
	"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: Re: Re: [PATCH v9 1/4] syscalls: Verify address
 limit before returning to user-mode

On Tue, May 09, 2017 at 04:31:00PM -0700, Kees Cook wrote:
> > I don't like silent fixups.  If we want to do this, we should BUG or
> > at least WARN, not just change the addr limit.  But I'm also not
> > convinced it's indicative of an actual bug here.
> 
> Nothing should enter that function with KERNEL_DS set, right?
> 
> BUG_ON(get_fs() != USER_DS);

We're feeling triggerhappy, aren't we? A nice juicy WARN-splat along
with a fixup looks much better than killing the box, to me.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.