public inbox for linux-kernel@vger.kernel.org
From: Kees Cook <keescook@chromium.org>
To: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: Masahiro Yamada <masahiroy@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Joe Perches <joe@perches.com>,
	clang-built-linux <clang-built-linux@googlegroups.com>,
	stable <stable@vger.kernel.org>, Andy Lavr <andy.lavr@gmail.com>,
	Arvind Sankar <nivedita@alum.mit.edu>,
	Rasmus Villemoes <linux@rasmusvillemoes.dk>,
	Sami Tolvanen <samitolvanen@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	Alexandru Ardelean <alexandru.ardelean@analog.com>,
	Yury Norov <yury.norov@gmail.com>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3] lib/string.c: implement stpcpy
Date: Thu, 27 Aug 2020 11:30:48 -0700
Message-ID: <202008271126.2C397BF6D@keescook>
In-Reply-To: <CAHp75VfniSw3AFTyyDk2OoAChGx7S6wF7sZKpJXNHmk97BoRXA@mail.gmail.com>

On Thu, Aug 27, 2020 at 11:59:24AM +0300, Andy Shevchenko wrote:
> strcpy() is not a bad API for the cases when you know what you are
> doing. A problem is that most of the developers do not know what they are
> doing.
> No need to split everything to bad and good by its name or semantics,
> each API has its own pros and cons and programmers must use their
> brains.

I equate "unsafe" or "fragile" with "bad". There's no reason to use our
brains for remembering what's safe or not when we can just remove unsafe
things from the available APIs, and/or lean on the compiler to help
(e.g. CONFIG_FORTIFY_SOURCE).

Most of the uses of strcpy() in the kernel are just copying between two
known-at-compile-time NUL-terminated character arrays. We had wanted to
introduce stracpy() for this, but Linus objected to yet more string
functions. So for now, I'm aiming at removing strlcpy() completely first,
then look at strcpy() -> strscpy() for cases where target size is NOT
compile-time known, and then to convert the kernel's strcpy() into
_requiring_ that source/dest lengths are known at compile time.

And then tackle strncpy(), which is a mess.

-- 
Kees Cook
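
Added example, not part of the original message and not kernel code: a userspace C sketch of the two cases the message distinguishes, a bounded copy with strscpy()-style truncation reporting for destinations whose size is only known at run time, and a wrapper that refuses to compile unless the destination is a true array. The names `bounded_copy`, `array_copy`, `MUST_BE_ARRAY` and `struct demo` are hypothetical, the inputs are constructed, and the macro assumes GCC or Clang builtins.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* strscpy()-like semantics (illustration): dst is always NUL-terminated when
 * size > 0; returns the number of bytes copied, or -E2BIG on truncation. */
static ssize_t bounded_copy(char *dst, const char *src, size_t size)
{
	size_t i;

	if (size == 0)
		return -E2BIG;
	for (i = 0; i < size - 1 && src[i] != '\0'; i++)
		dst[i] = src[i];
	dst[i] = '\0';
	/* If the loop stopped on the size limit, src[i] is not the terminator. */
	return src[i] == '\0' ? (ssize_t)i : -E2BIG;
}

/* Hypothetical compile-time gate: if 'a' has decayed to a pointer, the array
 * type below has negative size and the build fails, so sizeof(dst) is always
 * the real destination size and never sizeof(char *). */
#define MUST_BE_ARRAY(a) \
	((void)sizeof(char[1 - 2 * __builtin_types_compatible_p( \
		__typeof__(a), __typeof__(&(a)[0]))]))

#define array_copy(dst, src) \
	(MUST_BE_ARRAY(dst), bounded_copy((dst), (src), sizeof(dst)))

struct demo { char name[8]; };

/* Constructed inputs: one that fits name[8], one that does not. */
static ssize_t demo_fit(struct demo *d)   { return array_copy(d->name, "eth0"); }
static ssize_t demo_trunc(struct demo *d) { return array_copy(d->name, "verylongname0"); }

int main(void)
{
	struct demo d;

	printf("fit:   %zd \"%s\"\n", demo_fit(&d), d.name);
	printf("trunc: %zd \"%s\"\n", demo_trunc(&d), d.name);
	/* char *p = d.name; array_copy(p, "x");  <- rejected at compile time */
	return 0;
}
```

With plain strcpy() the second call would write past `name[8]`; here it truncates and the caller sees the error code instead.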
