Re: [patch 015/119] mm/slub.c: add a naive detection of double free or corruption

On Wed, 6 Sep 2017 17:25:21 -0700 Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> On Wed, Sep 6, 2017 at 4:55 PM, Linus Torvalds
> <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> > This _may_ be one of the few acceptable uses of BUG_ON(), but I still
> > question it.
> >
> > It's quite possibly going to bring the machine down, with no messages
> > going to the logs, and nothing to say what happened.
> >
> > That's not good for debugging, but it's not good for security either.
> >
> > Are you really sure you don't want to just replace it with a
> >
> >    if (WARN_ON_ONCE(..)) return;
> >
> > instead?
> >
> > Killing a machine really isn't a great thing to do.
> 
> I asked after this as well, but it didn't really get addressed:
> http://www.openwall.com/lists/kernel-hardening/2017/07/19/9
> 
> I'd be fine with this being WARN_ON_ONCE().

Well...  if the kernel warns then proceeds with known pointer crazies,
it isn't really "hardened".  It's just "kernel with extra debug
checks".  Yes the log splat is useful, but not very satisfying if
someone has already made off with all your customers' credit card
numbers?
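
A userspace model of the trade-off debated in this thread, added here as an example and not code from the patch or from mm/slub.c. It assumes the naive check compares the object being freed with the current freelist head; all names (`cache_free`, `double_free_aliases`, the `policy` enum) are hypothetical. It covers an unchecked double free, a warn-and-return that skips the free, and an interleaved double free that a head comparison does not see.

```c
#include <stdio.h>
/* Userspace model (hypothetical names, not mm/slub.c): a free object
 * stores the pointer to the next free object in its first word. */
enum policy { NO_CHECK, WARN_AND_RETURN };
struct cache { void *freelist; enum policy policy; int detections; };

static void *cache_alloc(struct cache *c)
{
    void *obj = c->freelist;
    if (obj)
        c->freelist = *(void **)obj;     /* follow in-object next pointer */
    return obj;
}

static void cache_free(struct cache *c, void *obj)
{
    /* Naive check: the object being freed is already the freelist head. */
    if (c->policy == WARN_AND_RETURN && obj == c->freelist) {
        if (c->detections++ == 0)        /* report once, like WARN_ON_ONCE */
            fprintf(stderr, "WARNING: double free of %p\n", obj);
        return;                          /* skip the free; list untouched */
    }
    *(void **)obj = c->freelist;         /* repeat free of head: obj -> obj */
    c->freelist = obj;
}

/* Free one object twice (optionally freeing another in between), then
 * allocate three times. Returns 1 if any two allocations are the same. */
static int double_free_aliases(enum policy p, int interleave, int *detections)
{
    static void *objs[3][4];             /* constructed 3-object slab */
    struct cache c = { NULL, p, 0 };
    for (int i = 0; i < 3; i++)
        cache_free(&c, objs[i]);         /* populate the freelist */
    void *a = cache_alloc(&c), *b = cache_alloc(&c);
    cache_free(&c, a);
    if (interleave)
        cache_free(&c, b);               /* head is now b, not a */
    cache_free(&c, a);                   /* the double free */
    void *x = cache_alloc(&c), *y = cache_alloc(&c), *z = cache_alloc(&c);
    *detections = c.detections;
    return x == y || x == z || y == z;
}

int main(void)
{
    int d, r = double_free_aliases(NO_CHECK, 0, &d);
    printf("unchecked: aliased=%d detections=%d\n", r, d);
    return 0;
}
```

A BUG_ON-style policy would stop at the point where this model returns from `cache_free`; it is left out because a halt has no return value to compare.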

