lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4a93cdb4-031c-4f77-8697-ce7fb42afa4a@t-8ch.de>
Date: Tue, 5 Dec 2023 23:41:32 +0100
From: Thomas Weißschuh <linux@...ssschuh.net>
To: Luis Chamberlain <mcgrof@...nel.org>
Cc: Kees Cook <keescook@...omium.org>, 
	"Gustavo A. R. Silva" <gustavoars@...nel.org>, Iurii Zaikin <yzaikin@...gle.com>, 
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Joel Granados <j.granados@...sung.com>, 
	linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v2 13/18] sysctl: move sysctl type to ctl_table_header

On 2023-12-05 14:33:38-0800, Luis Chamberlain wrote:
> On Mon, Dec 04, 2023 at 08:52:26AM +0100, Thomas Weißschuh wrote:
> > @@ -231,7 +231,8 @@ static int insert_header(struct ctl_dir *dir, struct ctl_table_header *header)
> >  		return -EROFS;
> >  
> >  	/* Am I creating a permanently empty directory? */
> > -	if (sysctl_is_perm_empty_ctl_header(header)) {
> > +	if (header->ctl_table == sysctl_mount_point ||
> > +	    sysctl_is_perm_empty_ctl_header(header)) {
> >  		if (!RB_EMPTY_ROOT(&dir->root))
> >  			return -EINVAL;
> >  		sysctl_set_perm_empty_ctl_header(dir_h);
> 
> While you're at it.

This hunk is completely gone in v3/the code that you merged.

> This just made me cringe, and curious if some other changes
> could be done to make this obviously clear during patch review
> that this is safe.

Which kind of unsafety do you envision here?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ