The C programming language is famously prone to memory-safety problems
that lead to buffer overflows and a seemingly endless stream of security
vulnerabilities. But, even in C, it is possible to improve the
situation in many cases. One of those is the memcpy() family of
functions, which are used to efficiently copy or overwrite blocks of
memory; with a bit of help from the compiler, those functions can be
prevented from writing past the end of the
destination object they are passed. Enforcing that condition in the kernel
is harder than one might expect, though, as this
massive patch set from Kees Cook shows.
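
As an added illustration (not code from the kernel or from the patch set mentioned above), the following C sketch shows one form the compiler's help can take: the GCC/Clang builtin `__builtin_object_size()` reports the destination's size where the compiler can determine it, and a wrapper refuses any copy that would exceed it. The names `struct record`, `copy_bounded()` and `checked_memcpy()` are hypothetical, chosen for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample type: a fixed buffer with a neighbouring field. */
struct record {
    char name[8];
    int  is_admin;
};

/* Hypothetical helper: copy only when n fits in dst_size.
 * (size_t)-1 is what the builtin yields when the size is unknown. */
static int copy_bounded(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (dst_size != (size_t)-1 && n > dst_size)
        return -1;                 /* refuse rather than write past dst */
    memcpy(dst, src, n);
    return 0;
}

/* Mode 1 asks for the size of the closest enclosing subobject (the
 * member), not the whole struct. dst must be free of side effects. */
#define checked_memcpy(dst, src, n) \
    copy_bounded((dst), __builtin_object_size((dst), 1), (src), (n))

/* 12 bytes aimed at an 8-byte member: refused, neighbour untouched. */
int demo_overflow_refused(void)
{
    struct record r = { "", 0 };
    char input[12];
    memset(input, 'A', sizeof(input));
    return checked_memcpy(r.name, input, sizeof(input)) == -1
        && r.is_admin == 0;
}

/* 8 bytes into the same member: allowed and copied. */
int demo_fit_allowed(void)
{
    struct record r = { "", 0 };
    const char input[8] = "abcdefg";
    return checked_memcpy(r.name, input, sizeof(input)) == 0
        && memcmp(r.name, input, sizeof(input)) == 0;
}

int main(void)
{
    printf("%d %d\n", demo_overflow_refused(), demo_fit_allowed());
    return 0;
}
```

When the destination's size cannot be determined at compile time, the builtin returns `(size_t)-1` and this wrapper falls back to an unchecked copy.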