On Tue, Jan 17, 2017 at 07:54:38PM +0100, PaX Team wrote:
> On 17 Jan 2017 at 17:48, Mark Rutland wrote:
> > That being the case, (and given the relevant bug has now been fixed),
> > it's not clear to me what the value of this is today. i.e. given the
> > general case, is this preventing many leaks
On Tue, Jan 17, 2017 at 08:25:49PM +0100, PaX Team wrote:
> On 17 Jan 2017 at 18:07, Dave P Martin wrote:
>
> > On Tue, Jan 17, 2017 at 06:09:49PM +0100, PaX Team wrote:
> > > On 17 Jan 2017 at 10:42, Dave P Martin wrote:
> > >
> > > > This can be read with the interpretation you suggest, but the w
On Tue, Jan 17, 2017 at 06:09:49PM +0100, PaX Team wrote:
> On 17 Jan 2017 at 10:42, Dave P Martin wrote:
>
> > On Mon, Jan 16, 2017 at 08:22:24PM +0100, PaX Team wrote:
> > > the 'issue' is that before C11 the standard didn't make it clear that in
> > > case of a partial initializer list the compi
On 17 Jan 2017 at 17:48, Mark Rutland wrote:
> That being the case, (and given the relevant bug has now been fixed),
> it's not clear to me what the value of this is today. i.e. given the
> general case, is this preventing many leaks?
no idea, i stopped looking at the instrumentation log long ago
On 17 Jan 2017 at 18:07, Dave P Martin wrote:
> On Tue, Jan 17, 2017 at 06:09:49PM +0100, PaX Team wrote:
> > On 17 Jan 2017 at 10:42, Dave P Martin wrote:
> >
> > > This can be read with the interpretation you suggest, but the wording
> > > doesn't seem rock-solid. For the kernel, I guess it's s
On Mon, Jan 16, 2017 at 08:30:29PM +0100, PaX Team wrote:
> On 16 Jan 2017 at 15:24, Mark Rutland wrote:
>
> > To me, it seems that the __user annotation can only be an indicator of
> > an issue by chance. We have structures with __user pointers in structs
> > that will never be copied to userspac
On Mon, Jan 16, 2017 at 3:54 AM, Mark Rutland wrote:
> Hi,
>
> [adding Dave, so retaining full context below]
>
> On Fri, Jan 13, 2017 at 02:02:56PM -0800, Kees Cook wrote:
>> This plugin detects any structures that contain __user attributes and
>> makes sure it is being fulling initialized so tha
On Sat, Jan 14, 2017 at 2:03 AM, PaX Team wrote:
> On 13 Jan 2017 at 14:02, Kees Cook wrote:
>
>> This plugin detects any structures that contain __user attributes and
>> makes sure it is being fulling initialized so that a specific class of
>> information exposure is eliminated. (For example, the
On Mon, Jan 16, 2017 at 08:22:24PM +0100, PaX Team wrote:
> On 16 Jan 2017 at 11:54, Mark Rutland wrote:
[...]
> > I assume that this is only guaranteed to initialise fields in a struct,
> > and not padding, is that correct? I ask due to the issue described in:
> >
> > https://lwn.net/Articles/41
On 16 Jan 2017 at 15:24, Mark Rutland wrote:
> To me, it seems that the __user annotation can only be an indicator of
> an issue by chance. We have structures with __user pointers in structs
> that will never be copied to userspace, and conversely we have structs
> that don't contain a __user fiel
On 16 Jan 2017 at 11:54, Mark Rutland wrote:
> > + * Copyright 2013-2017 by PaX Team
> > + * Licensed under the GPL v2
> > + *
> > + * Note: the choice of the license means that the compilation process is
> > + * NOT 'eligible' as defined by gcc's library exception to the GPL
> > v3,
> > +
On Mon, 2017-01-16 at 15:24 +, Mark Rutland wrote:
> Hi,
>
> On Sat, Jan 14, 2017 at 11:03:14AM +0100, PaX Team wrote:
> > On 13 Jan 2017 at 14:02, Kees Cook wrote:
> >
> > > +config GCC_PLUGIN_STRUCTLEAK_VERBOSE
> > > + bool "Report initialized variables"
> > > + depends on GCC_PLUGIN_STRUCT
Hi,
On Sat, Jan 14, 2017 at 11:03:14AM +0100, PaX Team wrote:
> On 13 Jan 2017 at 14:02, Kees Cook wrote:
>
> > +config GCC_PLUGIN_STRUCTLEAK_VERBOSE
> > + bool "Report initialized variables"
> > + depends on GCC_PLUGIN_STRUCTLEAK
> > + depends on !COMPILE_TEST
> > + help
> > + This o
On Mon, Jan 16, 2017 at 11:54:35AM +, Mark Rutland wrote:
> Hi,
>
> [adding Dave, so retaining full context below]
>
> On Fri, Jan 13, 2017 at 02:02:56PM -0800, Kees Cook wrote:
> > This plugin detects any structures that contain __user attributes and
> > makes sure it is being fulling initia
Hi,
[adding Dave, so retaining full context below]
On Fri, Jan 13, 2017 at 02:02:56PM -0800, Kees Cook wrote:
> This plugin detects any structures that contain __user attributes and
> makes sure it is being fulling initialized so that a specific class of
Nit: s/fulling/fully/
> information expo
On 13 Jan 2017 at 14:02, Kees Cook wrote:
> This plugin detects any structures that contain __user attributes and
> makes sure it is being fulling initialized so that a specific class of
> information exposure is eliminated. (For example, the exposure of siginfo
> in CVE-2013-2141 would have been
This plugin detects any structures that contain __user attributes and
makes sure it is being fulling initialized so that a specific class of
information exposure is eliminated. (For example, the exposure of siginfo
in CVE-2013-2141 would have been blocked by this plugin.)
Ported from grsecurity/Pa
17 matches
Mail list logo
