Message-ID: <20101110174721.GP5876@outflux.net>
Date: Wed, 10 Nov 2010 09:47:21 -0800
From: Kees Cook <kees@...ntu.com>
To: oss-security@...ts.openwall.com
Subject: Re: Linux kernel proactive security hardening

On Mon, Nov 08, 2010 at 10:33:32PM +0300, Vasiliy Kulikov wrote:
> On Mon, Nov 08, 2010 at 08:48 +0300, Solar Designer wrote:
> > 2. We could turn all function-local non-static definitions of:
> > 
> > struct x y;
> > 
> > into:
> > 
> > struct x y = {};
> > 
> > We could do this by pre-processing the source files
> 
> With coccinelle it is trivial:
> 
> @@
> identifier T, x, f;
> @@
> 
> f(...)
> {
>  ...
>  struct T x
> + = {}
>  ;
>  ...
> }
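
Review bot: the declaration pattern `struct T x;` in the function body matches only a plain struct variable, so arrays of structs, unions, and struct types named through a typedef would still be left uninitialized; if the goal is every on-stack aggregate, add pattern variants for those forms. The added `= {}` is also a GNU C extension before C23 rather than ISO C, which is acceptable for gcc-built kernel code but worth stating alongside the rule.
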
> 
> However, I don't think that all Linux maintainers would be happy with
> this.
> 
> > or with a patch to
> > gcc (introduce a command-line option to assume empty initializers for
> > all on-stack structs).
> 
> IMO a much better solution - instead of a many-MB trivial patch, have a
> small gcc patch.

Yeah, I'd like to see this area of gcc improved. It seems like
-Wmissing-field-initializers doesn't always do the right thing either.

I'm glad to see that using "= { }" wipes the entire structure, though. I
was worried that it would leave holes for padding, etc.

-Kees

-- 
Kees Cook
Ubuntu Security Team
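
An added example, not code from this thread or from any of its posters: a C check of the padding question raised above. The struct `reply` and all function names are hypothetical; the program dirties the stack, then counts nonzero bytes in a struct set up with `= {}` and in one cleared with `memset`. Before C23 `= {}` is a GNU extension, so its effect on padding is measured here rather than assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical struct (not from the thread) with padding on common ABIs. */
struct reply {
    char  tag;    /* usually followed by interior padding */
    long  value;
    short flags;  /* usually followed by tail padding */
};

/* Fill a stack region with 0xAA so stale bytes are recognisable. */
static void dirty_stack(void)
{
    volatile unsigned char junk[256];
    for (size_t i = 0; i < sizeof junk; i++) junk[i] = 0xAA;
}

/* Count nonzero bytes in the object representation, padding included. */
static size_t nonzero_bytes(const void *p, size_t n)
{
    const unsigned char *b = p;
    size_t count = 0;
    for (size_t i = 0; i < n; i++) count += (b[i] != 0);
    return count;
}

/* Empty initializer as discussed in the thread; result is compiler-dependent. */
size_t residue_after_empty_init(void)
{
    dirty_stack();
    struct reply r = {};
    return nonzero_bytes(&r, sizeof r);
}

/* memset writes every byte, so padding is zero regardless of compiler. */
size_t residue_after_memset(void)
{
    dirty_stack();
    struct reply r;
    memset(&r, 0, sizeof r);
    return nonzero_bytes(&r, sizeof r);
}

int main(void)
{
    printf("size=%zu empty_init=%zu memset=%zu\n", sizeof(struct reply),
           residue_after_empty_init(), residue_after_memset());
}
```

A nonzero `empty_init` count means the compiler left stale bytes in padding, which is the case that matters when such a struct is copied out whole.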
