lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 30 Apr 2014 16:35:12 +0200 (CEST)
From:	Lukáš Czerner <lczerner@...hat.com>
To:	"Theodore Ts'o" <tytso@....edu>
cc:	Ext4 Developers List <linux-ext4@...r.kernel.org>
Subject: Re: [PATCH 4/7] mke2fs: create a regular file if necessary

On Wed, 30 Apr 2014, Theodore Ts'o wrote:

> Date: Wed, 30 Apr 2014 10:18:15 -0400
> From: Theodore Ts'o <tytso@....edu>
> To: Lukáš Czerner <lczerner@...hat.com>
> Cc: Ext4 Developers List <linux-ext4@...r.kernel.org>
> Subject: Re: [PATCH 4/7] mke2fs: create a regular file if necessary
> 
> On Wed, Apr 30, 2014 at 04:14:16PM +0200, Lukáš Czerner wrote:
> > > Hmm, it occurs to me if the user typo's the file name in and the user
> > > specifies the size explicitly (i.e., "mke2fs /dev/scd3 2T) , it could
> > > result in the the root file system filling up.  I'm not sure that's
> > > big of a deal, since the user can always control-C the mke2fs and then
> > > delete the typo'ed file name.  Do we think this is a real problem?
> > > I'm not too worried...
> > 
> > Oops, yes that would be nasty :) I'm not too worried either, but
> > I've done my share of typos as well, so I am not sure. And since
> > we're already asking a lot of questions anyway maybe we can ask
> > about this one as well ?
> 
> The problem is if we do this, then scripts will do "mke2fs -F ..." to
> avoid the query, and I'd really like to avoid training script authors
> to do this.  It undoes the point of some of the other patches in this
> patch series.

Yes, I do not like having to force people to use force either. Well,
there is a certain limit where we should go to correct user
mistakes and it seems that beyond that...

But having mkfs to print out the information that it's actually
creating the file is the least we can do.

-Lukas

> 
> We could have some proceed_questions() fail to "yes", and some fail to
> "no", but I'm wondering if we really want to go to that level of
> complexity....
> 
> 						- Ted
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ