Difference between revisions of "Bug Classes/Uninitialized variables"

From Linux Kernel Security Subsystem
Jump to navigation Jump to search
(Created page with "= Details = When variables (on either stack or heap) are used without being explicitly initialized, behavior is "undefined". In reality, "uninitialized" just means "still has ...")
 
(No difference)

Latest revision as of 22:44, 4 November 2015

Details

When variables (on either stack or heap) are used without being explicitly initialized, behavior is "undefined". In reality, "uninitialized" just means "still has the prior value". When an attacker can control prior values, this can lead to exploitation or leaks, either through regular techniques or through "data-only" attacks.

Examples

Mitigations

  • clear kernel stack between system calls (e.g. PAX_MEMORY_STACKLEAK)
  • instrument compiler to fully initialize all structures (e.g. PAX_MEMORY_STRUCTLEAK)
Retrieved from "http://kernsec.org/wiki/index.php?title=Bug_Classes/Uninitialized_variables&oldid=3733"