lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 18 Jan 2023 11:39:39 -0800
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Eric Biggers <ebiggers@...nel.org>
Cc:     Ext4 Developers List <linux-ext4@...r.kernel.org>,
        Andreas Dilger <adilger@...ger.ca>,
        Eric Whitney <enwlinux@...il.com>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Masahiro Yamada <masahiroy@...nel.org>
Subject: Re: Detecting default signedness of char in ext4 (despite -funsigned-char)

On Wed, Jan 18, 2023 at 11:14 AM Eric Biggers <ebiggers@...nel.org> wrote:
>
> Now, we seem to have gotten the "let's break userspace, lol" version of Linus
> today, not the "SHUT THE FUCK UP, WE DO NOT BREAK USERSPACE" version of Linus

Heh.

Note that the reason I'm so laissez-faire about it is that "broken
test case" is something very different from "actually broken user
space".

I haven't actually seen anybody _report_ this as a problem, I've only
seen the generic/454 xfstest failures.

And "test failure" is simply not the same thing as "user failure".

Test failures are interesting in that they can most definitely
pinpoint the source of _potential_ user failures, but sometimes they
are just esoteric corner cases that don't happen in reality.

So the fact that we have had this bug since forever makes me suspect
absolutely nobody cares in real life. Yes, what's new is that it
happens on the same machine, but people have definitely moved ext4 USB
sticks around etc. I've most definitely done that myself, and it's not
been just between x86 machines.

Of course, it may also be that the filesystem patterns when you move a
USB stick around is very different from, say, the root filesystem
where you _don't_ necessarily tend to do it. So maybe the lack of
reports over the decades is not because people don't use xattrs with
the high bit set in the xattr names, but because it only happens in
situations that don't have that filesystem movement.

I dunno. On my system, at least, there is absolutely no sign of any
odd xattr names, according to something disgusting like

   find / -xdev -type f -print0 | xargs -0 getfattr

but who knows.

              Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ