Thread: 89 messages, 18 authors, 2017-05-13

[kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode

From: bp@alien8.de (Borislav Petkov)
Date: 2017-05-11 11:22:40
Also in: linux-api, linux-s390, lkml

On Tue, May 09, 2017 at 04:31:00PM -0700, Kees Cook wrote:
> > I don't like silent fixups.  If we want to do this, we should BUG or
> > at least WARN, not just change the addr limit.  But I'm also not
> > convinced it's indicative of an actual bug here.
>
> Nothing should enter that function with KERNEL_DS set, right?
>
> BUG_ON(get_fs() != USER_DS);

We're feeling triggerhappy, aren't we? A nice juicy WARN-splat along
with a fixup looks much better than killing the box, to me.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.