|
Message-ID: <CABgxDo+=rhCmn2qaGGM06TgDnaBZKi-kUjwg9cSq=+1XQOvBxg@mail.gmail.com>
Date: Sat, 8 Jun 2019 10:16:57 +0200
From: Romain Perier <romain.perier@...il.com>
To: Shyam Saini <mayhs11saini@...il.com>
Cc: Kees Cook <keescook@...omium.org>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: Get involved
Hi,
Thanks for these details.
Yeah if this is okay for you , I will pick the task for NLA_STRING . I can
mark it as WIP on the Wiki.
Regards,
Romain
Le sam. 8 juin 2019 à 08:02, Shyam Saini <mayhs11saini@...il.com> a écrit :
> Hi Kees,
>
> >
> > Hi! Sorry for the late reply: I've been travelling this week. :P
>
> > > Okay, np. I will select another one then :) (hehe that's the game ;) )
> > >
> > > @Kees: do you have something in mind (as a new task) ?
> > Shyam, you'd also started FIELD_SIZEOF refactoring, but never sent a v2
> > patch if I was following correctly? Is there one or the other of these
> > tasks you'd like help with?
> https://patchwork.kernel.org/patch/10900187/
>
> sorry for being too late.
>
> You assigned me 3 tasks
> 1) FIELD_SIZEOF
> 2) WARN on kfree() of ERR_PTR range
> 3) NLA_STRING
>
> I'll send patches for task 1 and 2 today or tomorrow.
>
> If Roman is taking NLA_STRING task, I'd pick some other once i send
> patches for 1 and 2.
>
>
> > Romain, what do you think about reviewing NLA code? I'd mentioned a
> > third task here:
> > https://www.openwall.com/lists/kernel-hardening/2019/04/17/8
> >
> > Quoting...
> >
> >
> > - audit and fix all misuse of NLA_STRING
> >
> > This is a following up on noticing the misuse of NLA_STRING (no NUL
> > terminator), getting used with regular string functions (that expect a
> > NUL termination):
> >
> https://lore.kernel.org/lkml/1519329289.2637.12.camel@sipsolutions.net/T/#u
> >
> > It'd be nice if someone could inspect all the NLA_STRING
> > representations and find if there are any other problems like this
> > (and see if there was a good way to systemically fix the problem).
> >
> >
> >
> > For yet another idea would be to get syzkaller[1] set up and enable
> > integer overflow detection (by adding
> "-fsanitize=signed-integer-overflow"
> > to KBUILD_CFLAGS) and start finding and fixes cases like this[2].
> >
> > Thanks and let me know what you think!
> >
> > -Kees
> >
> > [1] https://github.com/google/syzkaller/blob/master/docs/linux/setup.md
> > [2] https://lore.kernel.org/lkml/20180824215439.GA46785@beast/
> >
> >
> > --
> > Kees Cook
>
Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.