lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20070107135935.GA26355@thunk.org>
Date:	Sun, 7 Jan 2007 08:59:35 -0500
From:	Theodore Tso <tytso@....edu>
To:	Amit Choudhary <amit2030@...oo.com>
Cc:	Rene Herman <rene.herman@...il.com>,
	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: [DISCUSS] Making system calls more portable.

On Sun, Jan 07, 2007 at 01:07:41AM -0800, Amit Choudhary wrote: 
> Now, let's say a vendor has linux_kernel_version_1 that has 300
> system calls. The vendor needs to give some extra functionality to
> its customers and the way chosen is to implement new system call.
> The new system call number is 301. The customer gets this custom
> kernel and uses number 301.  Next, he downloads another kernel
> (newer linux kernel version) on his system that has already
> implemented the system call numbered 301. The customer now runs his
> program. Even if he compiles it again he has the old header files,
> so that does not make a difference.

So the vendor is doing something bad, and his customers will pay the
price, and they will switch to another vendor who isn't doesn't create
traps for their customers.   What's the problem?  :-)

Serious,y you got into trouble in your second sentence --- and not
just by the use of the passive voice: "the way chosen is to implement
(a) new system call".  Don't do that.

There are plenty of other ways of requesting kernel services; you can
create your own device driver and pass string commands to the device
driver, for example.  What?  You say string-based parsing is slow?
But you were just advocating doing that for all system calls!

Well, then your other choice is to convince the kernel developers that
the interface is stable, and of general interest to the community ---
and if not, then perhaps a more general version of the interface can
be made, with peer review improving the design, and then that can get
implemented.

One example (of both strategies) is shared namespaces.  A vendor's
engineers worked with the Linux VFS developers to introduce shared
namespaces, so that in the future an important product of theirs will
be able to use that feature, instead of a custom kernel module, which
was getting too expensive to maintain.  Getting shared namespaces in
took well over a year, and it'll probably another year or two before
all customers' systems will have it and the product can be revved to
use it, but that's an example of the right way to do things; and in
the meantime, customers are using the version that requires a binary
module that does *NOT* use system calls to provide kernel callouts,
but a custom filesystem instead.

						- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ