oss-sec mailing list archives

Re: Linux kernel proactive security hardening


From: Kees Cook <kees () ubuntu com>
Date: Wed, 10 Nov 2010 09:47:21 -0800

On Mon, Nov 08, 2010 at 10:33:32PM +0300, Vasiliy Kulikov wrote:
On Mon, Nov 08, 2010 at 08:48 +0300, Solar Designer wrote:
2. We could turn all function-local non-static definitions of:

struct x y;

into:

struct x y = {};

We could do this by pre-processing the source files

With coccinelle it is trivial:

@@
identifier T, x, f;
@@

f(...)
{
 ...
 struct T x
+ = {}
 ;
 ...
}
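
Review bot: the declaration pattern `struct T x` in the rule body only matches variables declared with an explicit struct tag, so on-stack unions, arrays of structs and variables declared through a typedef would keep their uninitialized contents. Consider adding sibling rules for those forms, or stating in the description that the rule covers plain `struct T x;` declarations only.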

However, I don't think that all linux maintainers would be happy with
this.

or with a patch to
gcc (introduce a command-line option to assume empty initializers for
all on-stack structs).

IMO much better solution - instead of many MB trivial patch have small
gcc patch.

Yeah, I'd like to see this area of gcc improved. It seems like
-Wmissing-field-initializers doesn't always do the right thing either.

I'm glad to see that using "= { }" wipes the entire structure, though. I
was worried that it would leave holes for padding, etc.

-Kees

-- 
Kees Cook
Ubuntu Security Team
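
The padding concern raised in this message, as an added example (not code from the thread or from the kernel): a buffer poisoned with a constructed marker stands in for stale stack contents, and the program counts how many bytes of a struct still hold that marker after field-by-field initialization versus after a whole-object wipe. `struct reply`, `POISON` and all function names are hypothetical; the explicit `memset` is used as the whole-object wipe so the result does not depend on how a given compiler treats `= {}`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA /* constructed marker standing in for stale stack bytes */

/* Hypothetical reply struct: a 1-byte field followed by an aligned int. */
struct reply {
    char tag;
    int  value;
};

/* Field-by-field initialization: only the members' own bytes are written. */
static void init_fields_only(unsigned char *buf)
{
    char tag = 'A';
    int value = 0x01020304;
    memcpy(buf + offsetof(struct reply, tag), &tag, sizeof tag);
    memcpy(buf + offsetof(struct reply, value), &value, sizeof value);
}

/* Whole-object wipe first, then the same field writes. */
static void init_wiped(unsigned char *buf)
{
    memset(buf, 0, sizeof(struct reply));
    init_fields_only(buf);
}

/* Count bytes that still hold the poison, i.e. bytes that would be
 * disclosed if the object were copied out with its full sizeof. */
static size_t stale_bytes(void (*init)(unsigned char *))
{
    unsigned char buf[sizeof(struct reply)];
    size_t i, n = 0;
    memset(buf, POISON, sizeof buf); /* simulate previous stack contents */
    init(buf);
    for (i = 0; i < sizeof buf; i++)
        n += (buf[i] == POISON);
    return n;
}

/* Padding bytes in the layout: total size minus the members' sizes. */
static size_t padding_bytes(void) { return sizeof(struct reply) - sizeof(char) - sizeof(int); }

int main(void)
{
    printf("padding=%zu fields_only=%zu wiped=%zu\n", padding_bytes(), stale_bytes(init_fields_only), stale_bytes(init_wiped));
    return 0;
}
```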

