lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 7 Dec 2011 00:52:54 +0000
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	John Johansen <john.johansen@...onical.com>,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [git pull] apparmor fix for __d_path() misuse

On Tue, Dec 06, 2011 at 04:39:40PM -0800, Linus Torvalds wrote:
> I suspect some users really might want a path for debugging, though.
> 
> > ? ? ? ?d_absolute_path(path, ancestor, buf, buflen) - grabs the
> > reference to the most remote ancestor it can find, puts pathname
> > into buf, never returns NULL.
> 
> But why do you want that ancestor thing?

Because the path is useless without some idea where it starts?
"It was /foo/bar/baz counting from some point; might have
been global root, might have been any random mountpoint if we'd
raced with umount and you've got no way to tell one from another"
is not particulary useful in logs.

The thing is, on the next boot exact same line might grow or lose
a prefix.  Randomness of that kind is OK if you know that the
pathname is just the best-effort thing here and you *always*
end up guessing which one it was.  But here most of the real-world
cases will have them relative to absolute root and stable.  That's
a really ugly combination - something that works most of the time
until you hit a race.  Then, without any notice, you need to
guess that _this_ time have to go looking for what that pathname
might have been appended to...  Not fun.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ