lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 17 Jul 2007 22:12:09 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Roland Dreier <rdreier@...co.com>
cc:	Jeff Garzik <jeff@...zik.org>, akpm@...ux-foundation.org,
	linux-kernel@...r.kernel.org, linux-ide@...r.kernel.org,
	chas@....nrl.navy.mil, rolandd@...co.com, dwmw2@...radead.org,
	gregkh@...e.de
Subject: Re: [git patches 1/2] warnings: attack valid cases spotted by
 warnings



On Tue, 17 Jul 2007, Roland Dreier wrote:
> 
>  > Anyway, here's a totally untested cleanup that compiles but probably 
>  > doesn't work, because I didn't check that I did the right thing with all 
>  > the pointer arithmetic (ie when I change "wqe" to a real structure pointer 
>  > instead of just a "void *", maybe I left some pointer arithmetic around 
>  > that expected it to work as a byte pointer, but now really works on the 
>  > whole structure size instead).
> 
> Given that you took the time to do this, I'll get the patch into a
> working state and apply it.  And maybe split it into reviewable chunks
> while I'm at it ;)

Hey, I appreciate it, but I really do have to warn you that I did this all 
blind, and just meant for it to be a "I think this kind of direction is 
more productive" thing. I'm not going to guarantee that it works at all.

I spent more time than I really wanted to on actually making sure the end 
result even compiles (quite often, I'm perfectly happy to just send out 
pseudo-code to indicate what I think should be done), but maybe I 
shouldn't have done that, just so that nobody thinks that the patch is 
necessarily going to *work*.

In other words, it's a totally mindless cleanup and re-factorization. It 
*may* work, but quite frankly, I did it just for that one email, and spent 
the absolutly minimum possible time thinking about it. As a result, I 
really think it needs some serious looking over.

I also think that my new "handle_raddr_seg()" function could itself be 
split up into subfunctions along the "switch()" subcases.

So not only wasn't it meant to be guaranteed correct, but it wasn't even 
meant to be seen as the best possible final situation: it could be - and 
should be - factored out even more (and the same goes for a lot of the 
other functions in that file that I didn't really look at, just glance and 
notice that they have some of the same problem patterns).

		Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ