Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20110810013839.GU132@brightrain.aerifal.cx>
Date: Tue, 9 Aug 2011 21:38:39 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: New daily reports - nothing

On Wed, Aug 10, 2011 at 03:34:24AM +0200, Luka Marčetić wrote:
> Nothing to report for today, I'm afraid.
> Not much time left either. I hoped you'd suggest what to do, but I
> had to spend time fixing stuff anyway. And since I still do, my
> priorities are:
> 
> - Fix and commit buf.c *
> - Fix other tests that are still broken (setuid, alloc)
> - Complete the started ones (pthread_eintr)
> 
> * I don't know what's up with this: http://codepad.org/Ysn2roYC.

See http://pubs.opengroup.org/onlinepubs/9699919799/functions/mprotect.html

  The mprotect() function shall change the access protections to be
  that specified by prot for those whole pages containing any part of
  the address space of the process starting at address addr and
  continuing for len bytes.

There is no way to protect individual bytes. You could arrange for the
first byte past the end of the buffer to be protected by starting the
buffer "len" bytes before a page boundary, but if your goal is to
detect invalid writes rather than invalid reads, it's just as good to
allocate an overly-long buffer, fill the space that should not be used
with known content, and check whether that content has been clobbered
after the call. This avoids requiring any hacks with signal handlers
for SIGSEGV.

Especially as you're nearing the deadline, I'd like to ask you to
please listen when I make recommendations like this. Sure learning
about mprotect is educational, but in terms of getting stuff done, if
you'd taken my advice several days (a week now?) back about how to
check for writes past the end of the buffer, you would have been able
to spend your time today getting something done rather than wondering
why mprotect wasn't doing what you wanted....

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.