kernel-hardening - Re: [RFC/RFT PATCH] gcc-plugins: force initialize auto variables whose addresses are taken

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <CAK8P3a1ppGV9MuvkMxZkXmmmt_QrD3TA8CX8KTNHnNMgKrmKzw@mail.gmail.com>
Date: Fri, 7 Jul 2017 00:08:47 +0200
From: Arnd Bergmann <arnd@...db.de>
To: Ard Biesheuvel <ard.biesheuvel@...aro.org>
Cc: Kernel Hardening <kernel-hardening@...ts.openwall.com>, Kees Cook <keescook@...omium.org>, 
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [RFC/RFT PATCH] gcc-plugins: force initialize auto variables
 whose addresses are taken

On Thu, Jul 6, 2017 at 1:25 PM, Arnd Bergmann <arnd@...db.de> wrote:
> On Thu, Jul 6, 2017 at 1:09 PM, Arnd Bergmann <arnd@...db.de> wrote:
>> On Thu, Jul 6, 2017 at 12:13 PM, Ard Biesheuvel
>
> Sorry, bad example, that one is a bit less undefined than
> I thought, as it will produce the same result every time,
> regardless of the stack contents. I'll try to come up
> with another test program instead.

I've tried a few more things, but couldn't actually come up with an example
that ends up using uninitialized stack values without also warning about it,
so your plugin may actually cover the most important cases.

The remaining cases I found are either uninitialized uses that we get
a compile-time warning for, or other kinds of undefined behavior
(as in my earlier example).

         Arnd

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.