lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 7 Dec 2023 12:05:21 +0100
From: Joel Granados <j.granados@...sung.com>
To: Thomas Weißschuh <linux@...ssschuh.net>
CC: Luis Chamberlain <mcgrof@...nel.org>, Kees Cook <keescook@...omium.org>,
	"Gustavo A. R. Silva" <gustavoars@...nel.org>, Iurii Zaikin
	<yzaikin@...gle.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	<linux-hardening@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH v2 00/18] sysctl: constify sysctl ctl_tables

On Tue, Dec 05, 2023 at 09:04:08AM +0100, Thomas Weißschuh wrote:
> On 2023-12-04 21:50:14-0800, Luis Chamberlain wrote:
> > On Mon, Dec 04, 2023 at 08:52:13AM +0100, Thomas Weißschuh wrote:
> > > Tested by booting and with the sysctl selftests on x86.
> > 
> > Can I trouble you to rebase on sysctl-next?
> > 
> > https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux.git/log/?h=sysctl-next
> 
> Will do.
> 
> Note:
> 
> I noticed that patch "sysctl: move sysctl type to ctl_table_header" from
> this series seems to be the better alternative to
> commit fd696ee2395755a ("sysctl: Fix out of bounds access for empty sysctl registers")
> which is currently on sysctl-next.
Indeed. By taking this out of the ctl_table, we would not need to make
sure that we don't touch that (potentially non-existing) first element.

This is what I think should be done (@Luis @Kees chime in if you have any
thoughts):
1. Leave the current fix for 6.7. AFAIK, it is already queued for that
   release and it is a bit late in the cycle to put anything new in.
2. I think this patch has value on its own as a better solution to the
   "access invalid memory" issue. @thomas: remove this patch from your
   const set and send it in a different patch series.
3. const patchset would need to go on top of the new set.

Having it on its own will allow it to go in faster and make it easier to
review without having to thinkg about the const stuff as well.

Best
> 
> The patch from the series should only depend on
> "sysctl: drop sysctl_is_perm_empty_ctl_table" from my series.
> 
> Thomas

-- 

Joel Granados

Download attachment "signature.asc" of type "application/pgp-signature" (660 bytes)

Powered by blists - more mailing lists