Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 18 Feb 2020 10:21:47 +0800
From: zerons <>
To: Kees Cook <>
Cc: Alexander Popov <>,
 Andrey Konovalov <>,, Shawn <>,
Subject: Re: Maybe inappropriate use BUG_ON() in CONFIG_SLAB_FREELIST_HARDENED

>>> In my opinion, this patch can somehow help attacker exploit this kind of bugs
>>> more reliable.
> Why do you think this makes races easier to win?

Sorry, not to make the races easier, but to make the exploitations
more reliable.

>> +Alexander Popov, who is the author of the double free check in
>> Ah, so as long as the double free happens in a user process context,
>> you can retry triggering it until you succeed in winning the race to
>> reallocate the object (without causing slab freelist corruption, as it
>> would have had happened before SLAB_FREELIST_HARDENED). Nice idea!
> Do you see improvements that could be made here?

Could we use BUG_ON() only when panic_on_oops is set?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.