lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20071013060400.GD8181@ftp.linux.org.uk>
Date:	Sat, 13 Oct 2007 07:04:00 +0100
From:	Al Viro <viro@....linux.org.uk>
To:	Casey Schaufler <casey@...aufler-ca.com>
Cc:	torvalds@...l.org, akpm@...l.org, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org
Subject: Re: [PATCH] Version 6 (2.6.23) Smack: Simplified Mandatory Access Control Kernel

On Fri, Oct 12, 2007 at 10:01:17PM -0700, Casey Schaufler wrote:

What do you need smk_sb for?  Looks like dead weight...

smk_read_load(): obvious seq_file candidate.
smk_read_cipso(): ditto.

What protects smk_cipso_written?  BTW, its use on the read side is an
atrocity...

smk_write_doi() - WTF would NUL-terminate temp[]?  You run sscanf on
it...
smk_write_direct() - ditto
smk_write_ambient() - ditto
smk_read_ambient() - who said that you won't get write between strlen()
and simple_read_from_buffer()?

smk_import_entry():
> +	for (skp = smack_known; skp != NULL; skp = skp->smk_next)
> +		if (skp->smk_known == smack)
> +			break;
Really?  With smack[] being an auto array?

That's from quick look through the read/write in there; I hadn't really
looked into parsers or deeper into the guts.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ