oss-sec mailing list archives
Re: Linux kernel proactive security hardening
From: Vasiliy Kulikov <segoon () openwall com>
Date: Mon, 8 Nov 2010 22:33:32 +0300
Solar,

On Mon, Nov 08, 2010 at 08:48 +0300, Solar Designer wrote:
> 2. We could turn all function-local non-static definitions of:
>
> struct x y;
>
> into:
>
> struct x y = {};
>
> We could do this by pre-processing the source files

With coccinelle it is trivial:

@@
identifier T, x, f;
@@

f(...)
{
...
struct T x
+ = {}
;
...
}

However, I don't think that all linux maintainers would be happy with this.

> or with a patch to gcc (introduce a command-line option to assume empty
> initializers for all on-stack structs).
IMO a much better solution - instead of a many-MB trivial patch, have a small gcc patch.

Thanks,

--
Vasiliy
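Added example, not part of the original message: a small C model of what the `struct x y;` to `struct x y = {};` change discussed in this thread protects against, namely stale stack bytes surviving in padding and in members a function never assigns. The stack slot is simulated with a poisoned buffer (reading a genuinely uninitialized object is undefined), `struct reply`, `POISON` and `leaked_bytes` are hypothetical names, and `= {}` is assumed to clear the whole object, padding included.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA   /* constructed marker for stale stack contents */

/* Hypothetical reply a handler copies out to its caller. */
struct reply {
    char type;        /* padding normally follows this member */
    int  value;
    int  reserved;    /* the handler never assigns this member */
};

/*
 * Model one handler call. zero_first != 0 stands for `struct reply r = {};`
 * (assumed to clear the whole object); 0 stands for plain `struct reply r;`.
 * Returns how many stale bytes remain in the object that gets copied out.
 */
size_t leaked_bytes(int zero_first)
{
    unsigned char slot[sizeof(struct reply)];
    char type = 1;
    int value = 42;
    size_t i, n = 0;

    memset(slot, POISON, sizeof slot);      /* leftovers of an earlier frame */
    if (zero_first)
        memset(slot, 0, sizeof slot);

    /* The handler sets only the members it knows about. */
    memcpy(slot + offsetof(struct reply, type), &type, sizeof type);
    memcpy(slot + offsetof(struct reply, value), &value, sizeof value);

    for (i = 0; i < sizeof slot; i++)       /* what a copy-out would expose */
        n += (slot[i] == POISON);
    return n;
}

int main(void)
{
    printf("struct reply r;      -> %zu stale bytes copied out\n", leaked_bytes(0));
    printf("struct reply r = {}; -> %zu stale bytes copied out\n", leaked_bytes(1));
    return 0;
}
```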