lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 15 Jun 2007 03:16:26 -0400
From:	"Albert Cahalan" <acahalan@...il.com>
To:	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, takedakn@...data.co.jp,
	hch@...radead.org
Subject: Re: [TOMOYO 5/9] Memory and pathname management functions.

Christoph Hellwig writes:
> On Thu, Jun 14, 2007 at 04:36:09PM +0900, Kentaro Takeda wrote:

>> We limit the maximum length of any string data (such as
>> domainname and pathnames) to TOMOYO_MAX_PATHNAME_LEN
>> (which is 4000) bytes to fit within a single page.
>>
>> Userland programs can obtain the amount of RAM currently
>> used by TOMOYO from /proc interface.
>
> Same NACK for this as for AppArmor, on exactly the same grounds.
> Please stop wasting your time on pathname-based non-solutions.

This issue is a very very small wart on an otherwise fine idea.
It's really not worth getting bothered by. Truth is, big giant
pathnames break lots of stuff already, both kernel and userspace.

Just look in /proc for some nice juicy kernel breakage:
cwd, exe, fd/*, maps, mounts, mountstats, root, smaps

So, is that a NACK for the /proc filesystem too? :-)

We even limit filenames to 255 chars; just the other day
a Russian guy was complaining that his monstrous filenames
on a vfat filesystem could not be represented in UTF-8 mode.

Both TOMOYO and AppArmor are good ideas. At minimum, one of
them ought to be accepted. My preference would be TOMOYO,
having origins untainted by Novell's Microsoft dealings.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ