| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Nov 2009 20:32:32 +0000 (UTC) From: daw@...berkeley.edu (David Wagner) To: linux-kernel@...r.kernel.org Subject: Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp Casey Schaufler wrote: >James Morris wrote: >> Do you see potential for a buffer overrun in this case? > >No, but I hate arguing with people who think that every time >they see strcmp that they have found a security flaw. So don't argue with those people, then. Those people are probably deluded or ill-informed, if that's what they think every time they see strcmp(). If you feel you absolutely must respond to them, send them here and let them make the case for their position directly, with a concrete technical argument -- if they have one (which I doubt). Or, better yet, ignore those people. If they have a kneejerk reaction that "strcmp() = security flaw", what makes you think they have anything useful to contribute anyway? I don't think this concern should have any weight whatsoever in the decision on whether to patch the code. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists