Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-18 Thread Mark Rutland
On Tue, Jan 17, 2017 at 07:54:38PM +0100, PaX Team wrote: > On 17 Jan 2017 at 17:48, Mark Rutland wrote: > > That being the case, (and given the relevant bug has now been fixed), > > it's not clear to me what the value of this is today. i.e. given the > > general case, is this preventing many

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-17 Thread Dave P Martin
On Tue, Jan 17, 2017 at 08:25:49PM +0100, PaX Team wrote: > On 17 Jan 2017 at 18:07, Dave P Martin wrote: > > > On Tue, Jan 17, 2017 at 06:09:49PM +0100, PaX Team wrote: > > > On 17 Jan 2017 at 10:42, Dave P Martin wrote: > > > > > > > This can be read with the interpretation you suggest, but the

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-17 Thread Dave P Martin
On Tue, Jan 17, 2017 at 06:09:49PM +0100, PaX Team wrote: > On 17 Jan 2017 at 10:42, Dave P Martin wrote: > > > On Mon, Jan 16, 2017 at 08:22:24PM +0100, PaX Team wrote: > > > the 'issue' is that before C11 the standard didn't make it clear that in > > > case of a partial initializer list the

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-17 Thread PaX Team
On 17 Jan 2017 at 17:48, Mark Rutland wrote: > That being the case, (and given the relevant bug has now been fixed), > it's not clear to me what the value of this is today. i.e. given the > general case, is this preventing many leaks? no idea, i stopped looking at the instrumentation log long

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-17 Thread PaX Team
On 17 Jan 2017 at 18:07, Dave P Martin wrote: > On Tue, Jan 17, 2017 at 06:09:49PM +0100, PaX Team wrote: > > On 17 Jan 2017 at 10:42, Dave P Martin wrote: > > > > > This can be read with the interpretation you suggest, but the wording > > > doesn't seem rock-solid. For the kernel, I guess it's

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-17 Thread Mark Rutland
On Mon, Jan 16, 2017 at 08:30:29PM +0100, PaX Team wrote: > On 16 Jan 2017 at 15:24, Mark Rutland wrote: > > > To me, it seems that the __user annotation can only be an indicator of > > an issue by chance. We have structures with __user pointers in structs > > that will never be copied to

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-17 Thread Kees Cook
On Mon, Jan 16, 2017 at 3:54 AM, Mark Rutland wrote: > Hi, > > [adding Dave, so retaining full context below] > > On Fri, Jan 13, 2017 at 02:02:56PM -0800, Kees Cook wrote: >> This plugin detects any structures that contain __user attributes and >> makes sure it is being fulling initialized so

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-17 Thread Kees Cook
On Sat, Jan 14, 2017 at 2:03 AM, PaX Team wrote: > On 13 Jan 2017 at 14:02, Kees Cook wrote: > >> This plugin detects any structures that contain __user attributes and >> makes sure it is being fulling initialized so that a specific class of >> information exposure is eliminated. (For example,

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-17 Thread Dave P Martin
On Mon, Jan 16, 2017 at 08:22:24PM +0100, PaX Team wrote: > On 16 Jan 2017 at 11:54, Mark Rutland wrote: [...] > > I assume that this is only guaranteed to initialise fields in a struct, > > and not padding, is that correct? I ask due to the issue described in: > > > >

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-16 Thread PaX Team
On 16 Jan 2017 at 15:24, Mark Rutland wrote: > To me, it seems that the __user annotation can only be an indicator of > an issue by chance. We have structures with __user pointers in structs > that will never be copied to userspace, and conversely we have structs > that don't contain a __user

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-16 Thread PaX Team
On 16 Jan 2017 at 11:54, Mark Rutland wrote: > > + * Copyright 2013-2017 by PaX Team > > + * Licensed under the GPL v2 > > + * > > + * Note: the choice of the license means that the compilation process is > > + * NOT 'eligible' as defined by gcc's library exception to the GPL > > v3, > >

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-16 Thread Daniel Micay
On Mon, 2017-01-16 at 15:24 +, Mark Rutland wrote: > Hi, > > On Sat, Jan 14, 2017 at 11:03:14AM +0100, PaX Team wrote: > > On 13 Jan 2017 at 14:02, Kees Cook wrote: > > > > > +config GCC_PLUGIN_STRUCTLEAK_VERBOSE > > > + bool "Report initialized variables" > > > + depends on

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-16 Thread Mark Rutland
Hi, On Sat, Jan 14, 2017 at 11:03:14AM +0100, PaX Team wrote: > On 13 Jan 2017 at 14:02, Kees Cook wrote: > > > +config GCC_PLUGIN_STRUCTLEAK_VERBOSE > > + bool "Report initialized variables" > > + depends on GCC_PLUGIN_STRUCTLEAK > > + depends on !COMPILE_TEST > > + help > > + This

Re: [kernel-hardening] Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-16 Thread Mark Rutland
On Mon, Jan 16, 2017 at 11:54:35AM +, Mark Rutland wrote: > Hi, > > [adding Dave, so retaining full context below] > > On Fri, Jan 13, 2017 at 02:02:56PM -0800, Kees Cook wrote: > > This plugin detects any structures that contain __user attributes and > > makes sure it is being fulling

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-16 Thread Mark Rutland
Hi, [adding Dave, so retaining full context below] On Fri, Jan 13, 2017 at 02:02:56PM -0800, Kees Cook wrote: > This plugin detects any structures that contain __user attributes and > makes sure it is being fulling initialized so that a specific class of Nit: s/fulling/fully/ > information

Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-14 Thread PaX Team
On 13 Jan 2017 at 14:02, Kees Cook wrote: > This plugin detects any structures that contain __user attributes and > makes sure it is being fulling initialized so that a specific class of > information exposure is eliminated. (For example, the exposure of siginfo > in CVE-2013-2141 would have been

[PATCH] gcc-plugins: Add structleak for more stack initialization

2017-01-13 Thread Kees Cook
This plugin detects any structures that contain __user attributes and makes sure it is being fulling initialized so that a specific class of information exposure is eliminated. (For example, the exposure of siginfo in CVE-2013-2141 would have been blocked by this plugin.) Ported from
