| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 09 Mar 2015 11:01:12 +0100 From: Jiri Slaby <jslaby@...e.cz> To: Raymond Jennings <shentino@...il.com> CC: gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org, john_paul.perry@...atel-lucent.com, stable@...r.kernel.org, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [PATCH 1/1] tty: fix up atime/mtime mess, take four On 03/06/2015, 02:16 PM, Raymond Jennings wrote: > On Fri, 2015-02-27 at 18:40 +0100, Jiri Slaby wrote: >> So check the absolute difference of times and if it large than "8 >> seconds or so", always update the time. That means we will update >> immediatelly when changing time. Ergo, CAP_SYS_TIME can foul the >> check, but it was always that way. > > If I may ask, what is supposed to happen normally when you write to a > tty device? I always thought the tty device was treated just like a > normal file wrt. timestamps. > > Now I see a patch for 8 seconds something. Yes, because you do not want to be given any clue when users are typing passwords. You could intercept the length of the password from the pauses between key strokes (tty timestamps). thanks, -- js suse labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists