Re: [CHECKER] 9 potential copy_*_user bugs in 2.4.1

From: Dawson Engler (engler@csl.Stanford.EDU)
Date: Fri Mar 16 2001 - 02:36:23 EST


> Looks like you've missed at least one place. Have you marked pointer
> arguments of syscalls as tainted? Path in question looks so:

In the exokernel param checker we do, but not for the one in linux ---
most of the pointers seemed to be devices, so I never added it. After
your bug example, I'll go hack the checker ;-)

> * if method's argument is ever tainted - all instances of that
> method have that argument tainted.
>
> Is it possible to implement? The last rule may be tricky - we need to
> remember that field foo of structure bar has tainted nth argument and
> keep track of all functions assigned to foo, either by initialization
> or by direct assignment. Could that be done?

It should be. We're using a trick similar to this one to build up
equivalence classes of interrupt handlers tracking which functions are
assigned to struct fields, or passed as the same parameter to a
function (request_irq being the prime example). You'd expect that if
any function passed/assigned to a given function/field is an
interrupt handler then the rest are too.

The big win will be when checkers can get at global data structure
initializers. From an outsider's view, it seems like most device
methods are registered that way.

Dawson
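A toy model of the propagation rule discussed in this thread, added here as an illustration and not code from the Stanford checker: function pointers that land in the same struct field, or in the same parameter slot of the same callee, form one equivalence class, and a tainted argument index on any member of the class is treated as tainted on all of them. The facts fed in (field names, function names, which bodies dereference their fourth argument directly) are constructed stand-ins for what a checker would extract from kernel source, not data taken from 2.4.1.

```python
from collections import defaultdict


class TaintPropagator:
    """Tracks which functions are registered into which 'slots' and
    propagates tainted-argument facts to every function sharing a slot.
    A slot is either a struct field name or a (callee, param_index) pair."""

    def __init__(self):
        self.slot_members = defaultdict(set)   # slot -> functions registered there
        self.func_slots = defaultdict(set)     # function -> slots it appears in
        self.tainted = set()                   # (function, arg_index) facts
        self.direct_derefs = defaultdict(set)  # function -> arg indices dereferenced
                                               # without copy_*_user

    def register(self, slot, func):
        """Record 'field = func' (initializer or assignment) or
        'callee(..., func, ...)' with slot = (callee, param_index)."""
        self.slot_members[slot].add(func)
        self.func_slots[func].add(slot)

    def mark_tainted(self, func, arg_index):
        """Seed fact: e.g. the VFS passes a user pointer as this argument."""
        self.tainted.add((func, arg_index))

    def note_direct_deref(self, func, arg_index):
        """Seed fact: this body dereferences arg_index with a plain '*'."""
        self.direct_derefs[func].add(arg_index)

    def propagate(self):
        """Worklist fixpoint: taint on (f, i) spreads to (g, i) for every g in
        any slot that f belongs to, and then onward through g's slots."""
        worklist = list(self.tainted)
        while worklist:
            func, idx = worklist.pop()
            for slot in self.func_slots.get(func, ()):
                for sibling in self.slot_members[slot]:
                    fact = (sibling, idx)
                    if fact not in self.tainted:
                        self.tainted.add(fact)
                        worklist.append(fact)
        return self.tainted

    def find_bugs(self):
        """Report (function, arg_index) pairs where a tainted pointer is
        dereferenced directly, i.e. the copy_*_user bug pattern."""
        self.propagate()
        return sorted((f, i) for (f, i) in self.tainted
                      if i in self.direct_derefs.get(f, ()))


def build_example():
    """Constructed facts (hypothetical names) showing transitive propagation."""
    p = TaintPropagator()
    p.register("file_operations.ioctl", "foo_ioctl")   # static initializer
    p.register("file_operations.ioctl", "bar_ioctl")   # direct assignment
    p.register(("register_handler", 0), "bar_ioctl")   # same fn passed as param 0 ...
    p.register(("register_handler", 0), "baz_ioctl")   # ... so baz_ioctl joins the class
    p.register("other_ops.read", "qux_read")           # unrelated class, never tainted
    # The VFS calls f_op->ioctl(inode, file, cmd, arg) with arg from user space;
    # the seed fact is recorded on one member only and must reach the others.
    p.mark_tainted("foo_ioctl", 3)
    # What each body does with its fourth argument:
    p.note_direct_deref("foo_ioctl", 3)   # *(int *)arg           -> bug
    p.note_direct_deref("baz_ioctl", 3)   # same, reached only via the class
    p.note_direct_deref("qux_read", 3)    # dereferences, but nothing taints it
    # bar_ioctl uses copy_from_user, so no direct dereference is recorded.
    return p


if __name__ == "__main__":
    for func, idx in build_example().find_bugs():
        print(f"{func}: tainted argument {idx} dereferenced without copy_*_user")
```

The point of the fixpoint loop is the second hop: baz_ioctl is never assigned to file_operations.ioctl, but it shares a parameter slot with bar_ioctl, which is, so the tainted fourth argument reaches it. A single-pass implementation that only looks at the seed function's own slots would miss exactly that case.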
This archive was generated by hypermail 2b29 : Fri Mar 23 2001 - 21:00:08 EST