[PATCH 0/8] format string usage clean ups

From: Kees Cook
Date: Thu Jun 06 2013 - 16:54:30 EST

Next message: Kees Cook: "[PATCH 6/8] workqueue: avoid format strings in names"
Previous message: Kees Cook: "[PATCH 1/8] block: do not pass disk names as format strings"
Next in thread: Kees Cook: "[PATCH 7/8] kthread: avoid parsing names as format strings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

This series is a result of an audit of format string uses in the
kernel. Of two exploitable flaws, the first fix is now in the wireless
tree:

http://git.kernel.org/cgit/linux/kernel/git/linville/wireless.git/commit/?id=9538cbaab6e8b8046039b4b2eb6c9d614dc782bd

The second fix is here as patch 1 ("block: do not pass disk names as format strings"). All the rest are either interface clean ups or
preventative measures to avoid accidents in the future.

There is still more needed before we can do something like this in
the Makefile:

+# Enable format-security when it can stop the build, otherwise disable.
+KBUILD_CFLAGS += $(call cc-option,\
+ -Wformat -Wformat-security -Werror=format-security,\
+ -Wno-format-security)

but I think this series covers the majority of potentially sensitive
exposed infrastructure.

Thanks,

-Kees

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kees Cook: "[PATCH 6/8] workqueue: avoid format strings in names"
Previous message: Kees Cook: "[PATCH 1/8] block: do not pass disk names as format strings"
Next in thread: Kees Cook: "[PATCH 7/8] kthread: avoid parsing names as format strings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]