| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 04 Nov 2008 11:20:38 -0500 From: Michael Kerrisk <mtk.manpages@...glemail.com> To: Daniel Gollub <dgollub@...e.de> CC: Kai Henningsen <kai.extern@...glemail.com>, mtk.manpages@...glemail.com, linux-kernel@...r.kernel.org, linux-api@...r.kernel.org, linux-man@...r.kernel.org, ltp-list@...ts.sourceforge.net, "A.E. Brouwer" <aeb@....tue.nl> Subject: Re: [patch 0/3] [RFC] kernel/glibc mismatch of "readlink" syscall? Daniel, Daniel Gollub wrote: > On Friday 31 October 2008 16:02:48 Kai Henningsen wrote: >> Am Fri, 24 Oct 2008 17:53:25 -0500 >> >> schrieb "Michael Kerrisk" <mtk.manpages@...glemail.com>: >>> Hi Daniel, >>> >>> On Thu, Oct 23, 2008 at 9:50 AM, Daniel Gollub <dgollub@...e.de> >>> >>> wrote: >>>> EINVAL bufsiz is not positive. >>> The EINVAL error was added to man-pages-1.18 in 1997 (even though, as >>> you note, the type was "size_t"). I suspect (this was well before I >>> had any association with man-pages) that was done to reflect kernel >>> reality (since one could bypass glibc invoke the syscall directly), >>> but obviously it is inconsistent with the prototype. >> Actually, it's not inconsistent as described, though perhaps that is >> unintentional. "Not positive" isn't the same as "negative", as zero >> isn't positive either, and zero is certainly a possible value of an >> unsigned type > > True. So, at this stage I don't plan to make any change to man-pages. (Let me know if you think this is the wrong course.) > But there is still the problem for the ltp syscall test "readlink03", when > using the glibc "readlink" interface, by calling readlink with a buffer size > of "-1". > > Calling "-1" seems to be a valid code/error-path in the linux syscall > "readlink", since there is a check for less-equal zero. > > But the less zero, condition can't be reached via the glibc "readlink" > interface since this would cause fortify-check to fail (when buliding with - > D_FORITFY_SOURCE=2). > > To "workaround" the fortify check, by not compiling the testcase with - > D_FORTIFY_SOURCE=2, or trying to test the linux readlink interface by calling > directly syscall() in the testcase ... both suggestion are just workarounds - > no real solutions. > > We could also just remove the testcase of buffer size "-1". > > The problem is still, how to test the "readlink" syscall in LTP? I'd say: remove this test. And add one for bufsiz==0 if there isn't one already. -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ git://git.kernel.org/pub/scm/docs/man-pages/man-pages.git man-pages online: http://www.kernel.org/doc/man-pages/online_pages.html Found a bug? http://www.kernel.org/doc/man-pages/reporting_bugs.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists