Message-ID: <CAGXu5j+zTNErMW_karYg8JcEGfzf=y+SdKEMPjsyoLR0o+-s9g@mail.gmail.com>
Date: Tue, 17 Jan 2017 09:32:57 -0800
From: Kees Cook <keescook@...omium.org>
To: PaX Team <pageexec@...email.hu>
Cc: "AKASHI, Takahiro" <takahiro.akashi@...aro.org>,
 Mark Rutland <mark.rutland@....com>,
 park jinbum <jinb.park7@...il.com>,
 "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: Introduction

On Sat, Jan 14, 2017 at 2:10 AM, PaX Team <pageexec@...email.hu> wrote:
> On 13 Jan 2017 at 15:15, Kees Cook wrote:
>
>> On Fri, Jan 13, 2017 at 3:09 PM, PaX Team <pageexec@...email.hu> wrote:
>> >> fs/read_write.c: In function ‘new_sync_write’:
>> >> fs/read_write.c:490:15: note: userspace variable will be forcibly initialized
>> >> struct iovec iov = { .iov_base = (void __user *)buf, .iov_len = len };
>> >
>> > this is a designated initializer which doesn't match the object constructor
>> > the plugin looks for.
>>
>> What would an object constructor look like?
>
> as you can see it in the plugin source, it has a specific TREE_CODE.

Right, I meant on the C side. The gimple gets produced several ways, it
seems, and it wasn't clear under which conditions it spat out a
constructor vs individual assignments.

>> When I had it report the times it skipped forced initialization, the
>> code mostly looked like designated initializers. All I found in the
>> gimple were SSAs. Nothing jumped out at me as being an initializer.
>
> while the gimple dumps are human readable, they omit lots of information
> so it's better to look at the data structures at compile time. that said,
> a constructor should appear as an assignment like this:
>
> s1 = {};

Yup, saw that for the constructor that got injected.

> a designated initializer is modeled as a constructor and per-field assignments
> by the compiler (both are subject to optimizations so you won't necessarily see
> all of them in the dumps of later passes).

It sounds like the plugin would need to walk every field of the target
variable and check that it got an assignment.

-Kees

--
Kees Cook
Nexus Security
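A user-space model of the check suggested at the end of the message above: walk every field of a variable and confirm it received an assignment. This is an added example, not code from the thread or from the plugin; `struct sample`, the field table and the `assigned` bitmask are constructed for illustration. It also counts the bytes that no field covers (padding), which per-field assignments never write.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a stack variable; not a kernel structure. */
struct sample {
    char   tag;   /* alignment padding usually follows this field */
    void  *base;
    size_t len;
};

struct field { size_t off, size; };

static const struct field sample_fields[] = {
    { offsetof(struct sample, tag),  sizeof(char)   },
    { offsetof(struct sample, base), sizeof(void *) },
    { offsetof(struct sample, len),  sizeof(size_t) },
};
#define NFIELDS (sizeof(sample_fields) / sizeof(sample_fields[0]))

/* Bit i of 'assigned' is set when field i got an assignment.
 * Returns how many fields were left without one. */
static size_t unassigned_fields(size_t n, unsigned assigned)
{
    size_t i, count = 0;
    for (i = 0; i < n; i++)
        count += !(assigned & (1u << i));
    return count;
}

/* Returns how many bytes of the object no assigned field writes:
 * missing fields plus any padding. (size_t)-1 if the object is too big. */
static size_t uncovered_bytes(const struct field *f, size_t n,
                              size_t objsize, unsigned assigned)
{
    unsigned char covered[256] = {0};
    size_t i, missing = 0;
    if (objsize > sizeof(covered))
        return (size_t)-1;
    for (i = 0; i < n; i++)
        if (assigned & (1u << i))
            memset(covered + f[i].off, 1, f[i].size);
    for (i = 0; i < objsize; i++)
        missing += !covered[i];
    return missing;
}

int main(void)
{
    printf("len unassigned: %zu field(s), %zu byte(s) unwritten\n",
           unassigned_fields(NFIELDS, 0x3),
           uncovered_bytes(sample_fields, NFIELDS, sizeof(struct sample), 0x3));
    return 0;
}
```

With every bit set, `unassigned_fields` returns 0 while `uncovered_bytes` still reports the padding, so a field-by-field check alone does not show that every byte of the object was written.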