Date: Tue, 27 Feb 2018 11:33:34 -0800 From: Kees Cook <keescook@...omium.org> To: Laura Abbott <labbott@...hat.com> Cc: P J P <ppandit@...hat.com>, Kernel Hardening <kernel-hardening@...ts.openwall.com>, Florian Weimer <fweimer@...hat.com>, P J P <pjp@...oraproject.org> Subject: Re: [PATCH 1/1] Add an option to build kernel with -finit-local-vars On Tue, Feb 27, 2018 at 11:22 AM, Laura Abbott <labbott@...hat.com> wrote: > On 02/27/2018 03:15 AM, P J P wrote: >> Add a configuration option to build kernel with -finit-local-vars >> compiler option.[*] It'll zero initialize the automatic kernel >> function variables, thus helping to reduce kernel information >> leakage issues. > > I think this would make the existing structleak plugin > (scripts/gcc-plugins/structleak_plugin.c) obsolete. This isn't > a bad thing but we'd need to figure out a deprecation strategy. It would be nice to make it obsolete, but I don't think that'll happen right away. We still have issues with structure padding, passed-by-reference init, and possibly performance. I wouldn't want to rule anything out until we can have both more complete coverage and better benchmarks (e.g. this is wipe-before, not wipe-after, so there may be cache effects, etc). -Kees -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.