oss-sec mailing list archives
Re: Linux kernel proactive security hardening
From: Vasiliy Kulikov <segoon () openwall com>
Date: Mon, 8 Nov 2010 22:33:32 +0300
Solar,

On Mon, Nov 08, 2010 at 08:48 +0300, Solar Designer wrote:
> 2. We could turn all function-local non-static definitions of:
>
> struct x y;
>
> into:
>
> struct x y = {};
>
> We could do this by pre-processing the source files
With coccinelle it is trivial:
@@
identifier T, x, f;
@@
f(...)
{
...
struct T x
+ = {}
;
...
}
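Review bot: the "struct T x" line matches only declarations spelled as "struct T x;", so unions, arrays of structs and locals declared through a typedef name are left uninitialized by this rule. Consider adding rules for those forms. Also note that the added "= {}" is an empty initializer, which GCC accepts as an extension; "= {0}" is the portable spelling if the result has to build with other compilers.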
However, I don't think that all Linux maintainers would be happy with
this.
> or with a patch to gcc (introduce a command-line option to assume empty
> initializers for all on-stack structs).
IMO a much better solution: instead of a many-MB trivial patch, have a small gcc patch.

Thanks,

--
Vasiliy
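Why the zero-initialization discussed in this message matters, as an added example that is not part of the original post: a constructed struct reply and a poison byte simulate an on-stack struct landing on a reused stack slot and then being copied out whole. The hardened path here uses memset() rather than "= {}", because a brace initializer is not guaranteed by every compiler to clear padding bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA /* constructed marker standing in for stale stack data */

/* Hypothetical reply struct: the compiler pads after 'type' to align 'len',
 * and the handler below forgets to set 'flags'. */
struct reply {
    uint8_t  type;
    uint32_t len;
    uint32_t flags;
};

/* Builds a reply the way a handler with an on-stack struct would, copies it
 * out whole, and returns how many stale (POISON) bytes reached the copy.
 * zero_first = 0: plain "struct reply r;" on a reused stack slot.
 * zero_first = 1: hardened form, the whole object is cleared first. */
static size_t stale_bytes_copied(int zero_first)
{
    struct reply r;
    unsigned char out[sizeof r];
    size_t i, stale = 0;

    memset(&r, POISON, sizeof r);      /* simulate leftover stack contents */
    if (zero_first)
        memset(&r, 0, sizeof r);       /* clears members and padding alike */

    r.type = 1;                        /* only two of three members are set */
    r.len  = 16;

    memcpy(out, &r, sizeof r);         /* stands in for copy_to_user(&r) */
    for (i = 0; i < sizeof out; i++)
        stale += (out[i] == POISON);
    return stale;
}

int main(void)
{
    printf("sizeof(struct reply) = %zu\n", sizeof(struct reply));
    printf("stale bytes, uninitialized: %zu\n", stale_bytes_copied(0));
    printf("stale bytes, zeroed first:  %zu\n", stale_bytes_copied(1));
    return 0;
}
```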
