lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Sun, 24 Jun 2007 23:12:55 -0400
From:	Kyle Moffett <mrmacman_g4@....com>
To:	"C. Scott Ananian" <cscott@...top.org>
Cc:	Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org
Subject: Re: inotify and /proc?

On Jun 22, 2007, at 18:51:10, C. Scott Ananian wrote:
> Back to kernel-land: in an IPv6 only world, it might make sense to  
> export a /proc file compatible with the format of /etc/resolv.conf,  
> with one DNS server address per line.  If glibc uses/used inotify  
> on /etc/resolv.conf, then symlinking /etc/resolv.conf to /proc/net/ 
> ipv6_dns allows glibc to get kernel DNS autoconfiguration updates  
> without a special case.  [Assuming that glibc was smart enough to  
> watch the referenced file and not the symlink...]
>
> A draft patch to implement /proc/net/ipv6_dns is attached, just to  
> make the discussion concrete. [Not guaranteed to apply cleanly, as  
> I'm not sure that gmail won't munge the whitespace.  But it should  
> be readable at least.]

Ewwww, I suspect you're likely to get a lot of NAKs from people on  
this one.

1)  Why must the kernel grok the DNS portions of the packets?  Can't  
you just have a little userspace daemon which listens for the  
appropriate ICMPv6 messages and updates /etc/resolv.conf  
accordingly?  That way you could even have userspace policy about  
which DNS information is acceptable for the given system.

2)  New files in /proc which aren't directly related to processes are  
strictly forbidden.  Hopefully eventually (IE: in several years when  
appropriate replacements are widely used) the /proc/meminfo, /proc/ 
cpuinfo, /proc/mdstat, and other similar non-process-related files  
can be made to go away, but we certainly aren't adding new ones.

3)  It's really ugly to generate random text data from kernelspace,  
because then people write 42 different userspace parsers for the text  
data and each one has subtle incompatibilities which make it  
impossible to extend the file in the future.  This is why (2) is true.

4)  Within 30 sec of such a patch going in, the virtualization people  
are going to start griping at you for not properly implementing a  
virtual namespace-ized IPv6 DNS autoconfiguration proc-file.  Since  
that really can't be done easily without putting lots of policy in  
the kernel it's probably easier to just follow the advice in (1) and  
do it in userspace.

Cheers,
Kyle Moffett

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists