Date:	Fri, 23 Dec 2011 14:46:11 -0800
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Paolo Bonzini <pbonzini@...hat.com>
Cc:	Willy Tarreau <w@....eu>, linux-kernel@...r.kernel.org,
	security@...nel.org, pmatouse@...hat.com, agk@...hat.com,
	jbottomley@...allels.com, mchristi@...hat.com, msnitzer@...hat.com
Subject: Re: [PATCH 2/3] block: fail SCSI passthrough ioctls on partition devices

On Fri, Dec 23, 2011 at 6:15 AM, Paolo Bonzini <pbonzini@...hat.com> wrote:
>
> But does it actually do anything?  For me, "eject /dev/sdf1" does nothing
> beyond unmounting the disk.  Yes, it sends a CDROMEJECT ioctl which becomes
> a start/stop unit SCSI command, but it has no effect on the USB stick I
> tried.

Guys, you are TOTALLY MISSING THE POINT.

The point is that the patch-series is damned dangerous. You have no
clue at all what it will do on various different distributions and
with various different hardware.

What's so hard to understand about this? Applying it at this point in
the release cycle with basically *zero* testing would be crazy. I gave
you just one example of where real people do ioctl's on a partition,
and where the behavior of the kernel clearly changes as a result.

The fact is, partitions are what most user interactions see. Suddenly
totally changing things and saying "you can't do that on a partition"
when clearly people *have* been doing that on partitions isn't
something we can do without serious testing.

No amount of "it didn't change in the one situation I tested" is going
to change that. What about somebody running their own distro (there's
this Russian distro maker who regularly finds regressions that nobody
else has ever seen)? What about somebody upgrading kernels on a
five-year-old user space (== pretty much any of the "enterprise"
distros)? What about other random hardware than just the USB disk
example that I gave?

It sounds like people didn't even *think* of the potential issues this
patch can bring. I'd absolutely be insane to apply them for -rc7.

             Linus
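The practical question behind this mail is where, on a given box, userspace actually issues ioctls against partition nodes rather than whole disks (the `eject /dev/sdf1` case quoted above sends CDROMEJECT to a partition). The script below is an added example, not code from the thread or from the patch series: it post-processes strace-style output of a script or tool, maps file descriptors back to the device paths they were opened on, and reports every ioctl that landed on a partition, using the sysfs convention that `/sys/class/block/<name>/partition` exists only for partitions. The strace lines and the fake sysfs tree are constructed for the demonstration; the function names (`ioctls_on_partitions`, `is_partition`, `build_fake_sysfs`) are this example's own.

```python
"""Find ioctls that a traced program issued on partition devices.

Added example for the LKML thread; not kernel or patch code.  Assumes
strace-style lines such as
    open("/dev/sdf1", O_RDONLY|O_NONBLOCK) = 3
    ioctl(3, CDROMEJECT, 0) = 0
and a sysfs layout in which /sys/class/block/<name>/partition exists
only for partition devices.  The sample trace and the fake sysfs tree
below are constructed for the demonstration.
"""
import os
import re
import tempfile

# open()/openat() lines: capture the path and the returned fd
OPEN_RE = re.compile(
    r'^(?:open|openat)\((?:AT_FDCWD, )?"([^"]+)"[^)]*\)\s*=\s*(\d+)')
# ioctl() lines: capture the fd and the symbolic request name
IOCTL_RE = re.compile(r'^ioctl\((\d+),\s*([A-Z_0-9]+)')
CLOSE_RE = re.compile(r'^close\((\d+)\)')


def is_partition(devpath, sysfs_root="/sys"):
    """True if sysfs marks the node's basename as a partition."""
    name = os.path.basename(devpath)
    return os.path.exists(
        os.path.join(sysfs_root, "class", "block", name, "partition"))


def ioctls_on_partitions(lines, sysfs_root="/sys"):
    """Return (device_path, ioctl_name) pairs issued on partition nodes.

    Tracks open()/close() so that an ioctl on fd N is attributed to the
    path fd N was opened on at that moment, including fd reuse after
    close(), which is what the kernel sees.
    """
    fd_to_path = {}
    hits = []
    for line in lines:
        m = OPEN_RE.match(line)
        if m:
            fd_to_path[int(m.group(2))] = m.group(1)
            continue
        m = CLOSE_RE.match(line)
        if m:
            fd_to_path.pop(int(m.group(1)), None)
            continue
        m = IOCTL_RE.match(line)
        if m:
            path = fd_to_path.get(int(m.group(1)))
            if path and path.startswith("/dev/") and is_partition(path, sysfs_root):
                hits.append((path, m.group(2)))
    return hits


def build_fake_sysfs(root):
    """Constructed sysfs tree: sdf is a whole disk, sdf1 a partition."""
    for name in ("sdf", "sdf1"):
        os.makedirs(os.path.join(root, "class", "block", name), exist_ok=True)
    with open(os.path.join(root, "class", "block", "sdf1", "partition"), "w") as f:
        f.write("1\n")


# Constructed trace: a size query on the whole disk, then the eject
# case from the thread, issued on the partition node.
SAMPLE_TRACE = [
    'open("/dev/sdf", O_RDONLY|O_NONBLOCK) = 3',
    'ioctl(3, BLKGETSIZE64, 0x7ffd1234) = 0',
    'close(3) = 0',
    'open("/dev/sdf1", O_RDONLY|O_NONBLOCK) = 3',
    'ioctl(3, CDROMEJECT, 0) = 0',
    'close(3) = 0',
]


def demo():
    """Run the audit over the constructed trace against the fake sysfs."""
    with tempfile.TemporaryDirectory() as root:
        build_fake_sysfs(root)
        return ioctls_on_partitions(SAMPLE_TRACE, sysfs_root=root)


if __name__ == "__main__":
    for dev, req in demo():
        print(f"{req} issued on partition {dev}")
```

Against a real system, feed it the output of `strace -f -e trace=open,openat,ioctl,close` wrapped around the scripts in question and leave `sysfs_root` at its default; the whole-disk BLKGETSIZE64 call in the sample is deliberately not reported, since only partition nodes are in scope for the behaviour change the patch would introduce.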