9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed
From: Brantley Coile <brantleycoile@me.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] Undefined Behaviour in C
Date: Wed, 25 Nov 2015 05:43:23 -0500	[thread overview]
Message-ID: <83B8351E-61F9-4913-83B1-99ACC96381F4@me.com> (raw)
In-Reply-To: <56558D03.3040803@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2054 bytes --]

Just curious, will Linux not panic when the kernel deterrences a nil pointer?

Sent from my iPad

> On Nov 25, 2015, at 5:27 AM, Alexandru Gheorghe <alghe.global@gmail.com> wrote:
> 
>> On 11/23/2015 01:20 PM, Vasudev Kamath wrote:
>> Ramakrishnan Muthukrishnan <ram@rkrishnan.org> writes:
>> 
>>> Had been reading the SOSP paper:
>>> <https://pdos.csail.mit.edu/papers/stack:sosp13.pdf>
>>> 
>>> and this blog post that proposes a simpler C:
>>> <http://blog.regehr.org/archives/1180>
>> I started reading the paper and its interesting. I didn't knew till date
>> how optimizations really worked and why they were considered harmful.
> 
> They can be quite harmful, the dereference example of tun->sk is a popular example that dates from 2009 regarding the Linux Kernel being exploited by Spender (Brad Spengler): https://lwn.net/Articles/342330/
> "a NULL pointer was dereferenced before being checked, the check was optimized out by the compiler, and the code used the NULL pointer in a way which allowed the attacker to take over the system"
> 
> Funny because Spengler did try many times to introduce better security in the Linux Kernel (see his set of patches in collaboration with the PaX Team: GRSEC) but was refused many times by the community and Linus in particular due to performance penalties (among other "opinions"). Which again opens the question where exactly is the undefined behavior problem? Resides on the programmer or on the compiler (and its programmers)? And how do you deal with the performance side? Because clearly, if you introduce more security then you will start having penalties on it; I guess the question is how much are you willing to let go in preference of more security and stable systems?
> 
> It's a very interesting paper, I only read 7 pages but will soon finish it and go ahead with the references (probably it links the example I wrote in the beginning of this e-mail).
> 
> Thanks for sharing.
> 
> -- 
> ; Alexandru Gheorghe
> ;
> ;       aGlobal
> ; <alghe.global gmail com>

[-- Attachment #2: Type: text/html, Size: 3167 bytes --]

  reply	other threads:[~2015-11-25 10:43 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-23 10:20 Ramakrishnan Muthukrishnan
2015-11-23 11:20 ` Vasudev Kamath
2015-11-25 10:27   ` Alexandru Gheorghe
2015-11-25 10:43     ` Brantley Coile [this message]
2015-11-25 10:53       ` Brantley Coile
2015-11-25 12:59       ` Charles Forsyth
2015-11-25 13:48         ` erik quanstrom
2015-11-25 14:25           ` Brantley Coile
2015-11-25 14:31             ` Brantley Coile
2015-11-25 16:03             ` plannine
2015-11-25 17:13               ` Ryan Gonzalez
2015-11-25 18:41                 ` Brantley Coile
2015-11-26  2:04                   ` Prof Brucee
2015-11-26  2:43                     ` Brantley Coile
2015-11-26  2:57                       ` Prof Brucee
2015-11-26  3:48                         ` Ryan Gonzalez
2015-11-26  7:27                     ` Bakul Shah
2015-11-26 11:22                       ` Brantley Coile
2015-11-26 11:37                         ` tlaronde
2015-11-26 11:55                           ` Charles Forsyth
2015-11-26 11:38                         ` Bruce Ellis
2015-11-26 16:31                         ` erik quanstrom
2015-11-26 16:42                           ` Brantley Coile
2015-11-26 16:50                             ` Charles Forsyth
2015-11-26 17:12                               ` erik quanstrom
2015-11-26 16:46                           ` Alexandru Gheorghe
2015-11-26 17:48                         ` Bakul Shah
2015-11-26 18:04                           ` Brantley Coile
2015-11-26 23:14                           ` Steve Simon
2015-11-26 23:24                             ` Charles Forsyth
2015-11-26 23:55                             ` Brantley Coile
2015-11-25 19:19               ` Steffen Nurpmeso
2015-11-23 11:32 ` Charles Forsyth
2015-11-23 11:37   ` Charles Forsyth
2015-11-23 11:50 ` Brantley Coile
2015-11-23 12:05   ` Charles Forsyth
2015-11-23 12:17     ` Brantley Coile
2015-11-23 12:40       ` Charles Forsyth
2015-11-23 12:09   ` Charles Forsyth
2015-11-23 14:30 ` Charles Forsyth

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=83B8351E-61F9-4913-83B1-99ACC96381F4@me.com \
    --to=brantleycoile@me.com \
    --cc=9fans@9fans.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).