Designated initializers, struct randomization and addressing?

Kees Cook keescook at chromium.org
Wed Jan 4 22:30:59 UTC 2017


On Wed, Jan 4, 2017 at 8:55 AM, Stephen Hemminger
<stephen at networkplumber.org> wrote:
> On Tue, 3 Jan 2017 22:35:26 -0800
> Kees Cook <keescook at chromium.org> wrote:
>
>> For randstruct and constify, the automatic selection is done on
>> structures with only function pointers. (Additional structures can be
>> added via a compiler attribute marking.)
>>
>> See is_pure_ops_struct():
>
> Is there any way to use this plugin to identify pure_ops structures not already marked as const?

That's what the constify plugin does, yes. Though to deal with cases
where something is rarely written to, the
pax_open_kernel/pax_close_kernel annotations are needed, which is why
I don't have a sane port of the constify plugin yet. We need to build
upstream-acceptable infrastructure for the write-rarely case. But, as
Julia replied, yes, there's a huge list. :)

-Kees

-- 
Kees Cook
Nexus Security

