lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 11 Dec 2007 12:15:00 -0500
From:	Paul Moore <paul.moore@...com>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org, linux-audit@...hat.com,
	selinux@...ho.nsa.gov
Subject: Re: [PATCH v2] XFRM: assorted IPsec fixups

On Tuesday 11 December 2007 12:06:11 pm David Miller wrote:
> From: Paul Moore <paul.moore@...com>
> Date: Tue, 11 Dec 2007 11:30:19 -0500
>
> Sorry for not pointing this out sooner:

No problem, better late than never ... despite reports to the contrary, 
breaking userspace doesn't excite me as much as it used to ;)

> >  * Convert 'sid' to 'secid'
> >    The 'sid' name is specific to SELinux, 'secid' is the common naming
> >    convention used by the kernel when refering to tokenized LSM labels
>
>  ...
>
> > diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
> > index b58adc5..f75a337 100644
> > --- a/include/linux/xfrm.h
> > +++ b/include/linux/xfrm.h
> > @@ -31,7 +31,7 @@ struct xfrm_sec_ctx {
> >  	__u8	ctx_doi;
> >  	__u8	ctx_alg;
> >  	__u16	ctx_len;
> > -	__u32	ctx_sid;
> > +	__u32	ctx_secid;
> >  	char	ctx_str[0];
> >  };
>
> This datastructure has been exported to userspace, so we really can't
> member names unless it was added only in 2.6.24 and I don't think it
> was.
>
> Correct me if I'm wrong.

Ungh, I didn't think the whole structure was exported to userspace as a single 
binary blob; I'd assumed it was passed back and forth as individual 
fields/attributes.  I guess the old adage about assuming applies here ...

Grrr, that "sid" really bothers me but I guess it's a wart we're going to have 
to live with.  Stoopid userspace :)

I still would like to see the rest of the changes make it into 2.6.25 (the SPI 
byte order thing is particularly troublesome) so if you don't mind a "v3" 
I'll respin this patch right now to remove the "sid -> secid" bits.

-- 
paul moore
linux security @ hp
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ