lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 15 Feb 2013 23:44:44 +0100
From:	Richard Weinberger <richard@....at>
To:	akpm@...ux-foundation.org
Cc:	linux-kernel@...r.kernel.org, paul.gortmaker@...driver.com,
	davej@...hat.com, keescook@...omium.org, stable@...r.kernel.org,
	tglx@...utronix.de, gorcunov@...nvz.org, ebiederm@...ssion.com
Subject: Re: + futex-avoid-kernel-taint-caused-by-get_robust_list.patch
 added to -mm tree

Am Fri, 15 Feb 2013 14:26:52 -0800
schrieb akpm@...ux-foundation.org:
> ------------------------------------------------------
> From: Paul Gortmaker <paul.gortmaker@...driver.com>
> Subject: futex: avoid kernel taint caused by get_robust_list
> 
> Commit ec0c4274e33c0373e4 ("futex: Mark get_robust_list as
> deprecated") added these two WARN_ONCE calls.
> 
> However, WARN_ONCE taints the kernel, and we shouldn't be allowing any
> user who wanders by to do this.  For example, the system fuzzer
> "trinity" uses the tainted state as a metric for when to stop,
> assuming that it has caused significant wreckage (and indeed that
> tool is what actually led me to this change).
> 
> The ability to deprecate this code has been called into question[1],
> but if that remains to be finalized, then making this change in the
> interim seems to make sense.

Do we really want to remove this system call in 2013?
Note, Documentation/feature-removal-schedule.txt is gone...

CRIU folks, I guess you still need the call?
Or have you found an alternative way to get the robost list?

As stated in [0], I'd simply revert commit ec0c4274 ("futex: Mark
get_robust_list as deprecated")

Thanks,
//richard

[0] http://permalink.gmane.org/gmane.linux.kernel.hardened.devel/506
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ