lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 25 Oct 2006 11:10:24 -0400
From:	Jeff Dike <jdike@...toit.com>
To:	Blaisorblade <blaisorblade@...oo.it>
Cc:	Andrew Morton <akpm@...l.org>, linux-kernel@...r.kernel.org,
	user-mode-linux-devel@...ts.sourceforge.net
Subject: Re: [uml-devel] [PATCH 04/10] uml: make execvp safe for our usage

On Sat, Oct 21, 2006 at 02:11:28AM +0200, Blaisorblade wrote:
> > This is horriby ugly.
> 
> Detail why. The code of execvp()? Passing in the buffer?
> I'm not saying it's the brightest code around here, but it's ok for me.

My initial reaction was mostly due to the look of the code, which is
fixable.  I also don't like carrying around bits of libc (although we
do have setjmp/longjmp, but that's a special case).  However, it's
unlikely that it will need much maintenance, so this is more a taste
thing as well.

> I initially thought to design a two-steps API with a "which" operation (where
> memory allocation was used) to call later execvp(); when I saw the glibc 
> implementation (it allocates one single fixed-size buffer) I saw it was 
> simpler this way.

I think I still like the two-stage thing better.  If the 'which' part
finds something that doesn't exec, then we can just spit out a nice error.

> I'd not do that at boot, but just before the fork()+execve() - it is 
> conceivable that a given user will install a support binary after booting 
> UML.

I was envisioning it being part of bootup, but doing it just before
the exec would be OK, too.

				Jeff
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ