Date: Fri, 08 Jun 2007 18:19:28 -0700
From: Ulrich Drepper <drepper@...hat.com>
To: Al Viro <viro@....linux.org.uk>
CC: Linus Torvalds <torvalds@...ux-foundation.org>,
    Davide Libenzi <davidel@...ilserver.org>,
    Alan Cox <alan@...rguk.ukuu.org.uk>,
    Theodore Tso <tytso@....edu>,
    Eric Dumazet <dada1@...mosbay.com>,
    Kyle Moffett <mrmacman_g4@....com>,
    Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
    Andrew Morton <akpm@...ux-foundation.org>,
    Ingo Molnar <mingo@...e.hu>
Subject: Re: [patch 7/8] fdmap v2 - implement sys_socket2

Al Viro wrote:
> Exactly. Put it another way, randomizer is a stress-tester.

... and a security mechanism. And as such it is only useful if it is
used. Probably it should be policy-controlled whether you can turn it off.

> Note that
> #define NR_FILES <some constant>
>
> for (i = 0; i < NR_FILES; i++)
>         close(i);

You're confusing the problems. This is not the argument for having a
separate file descriptor set. It is the argument to have hidden file
descriptors. Randomization has nothing whatsoever to do with this example.

-- 
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖