| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230814113852.GD2247938@mit.edu>
Date: Mon, 14 Aug 2023 07:38:52 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: Eric Biggers <ebiggers@...nel.org>
Cc: Matthew Wilcox <willy@...radead.org>,
Gabriel Krisman Bertazi <krisman@...e.de>,
viro@...iv.linux.org.uk, brauner@...nel.org, jaegeuk@...nel.org,
linux-fsdevel@...r.kernel.org, linux-ext4@...r.kernel.org,
linux-f2fs-devel@...ts.sourceforge.net
Subject: Re: [PATCH v5 01/10] fs: Expose helper to check if a directory needs
casefolding
On Sat, Aug 12, 2023 at 09:30:22PM -0700, Eric Biggers wrote:
> Well, one thing that the kernel community can do to make things better is
> identify when a large number of bug reports are caused by a single issue
> ("userspace can write to mounted block devices"), and do something about that
> underlying issue (https://lore.kernel.org/r/20230704122727.17096-1-jack@suse.cz)
> instead of trying to "fix" large numbers of individual "bugs". We can have 1000
> bugs or 1 bug, it is actually our choice in this case.
That's assuming the syzbot folks are willing to enable the config in
Jan's patch. The syzbot folks refused to enable it, unless the config
was gated on CONFIG_INSECURE, which I object to, because that's
presuming a threat model that we have not all agreed is valid.
Or rather, if it *is* valid some community members (or cough, cough,
**companies**) need to step up and supply patches. As the saying
goes, "patches gratefully accepted". It is *not* the maintainer's
responsibility to grant every single person whining about a feature
request, or even a bug fix.
- Ted
Powered by blists - more mailing lists