lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 3 Nov 2007 14:30:30 -0400
From:	Kyle Moffett <mrmacman_g4@....com>
To:	"Ahmed S. Darwish" <darwish.07@...il.com>
Cc:	Casey Schaufler <casey@...aufler-ca.com>, akpm@...l.org,
	torvalds@...l.org, linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Smackv10: Smack rules grammar + their stateful parser

On Nov 03, 2007, at 12:43:06, Ahmed S. Darwish wrote:
> Bashv3 builtin "echo" behaves very strangely to -EINVAL. It sends  
> all the buffers that causes -EINVAL again in subsequent echo  
> invocations.
>
> i.e.
> echo "Invalid Rule" > /smack/load  # -EINVAL returned
> echo "Valid Rule" > /smack/load
>
> In seconod iteration, echo sends the first invalid buffer again  
> then sends the new one. This causes a "Invalid Rule\nValid Rule"  
> buffer sent to write().
>
> IMHO, this is a bug in builtin echo. The external /bin/echo doesn't  
> cause such strange behaviour.

Actually, what causes problems here is something between a bug and a  
feature in libc's buffering.  Basically the -EINVAL error causes libc  
to leave its data in the file-output buffer despite the file being  
closed and reopened. Since a standalone echo just exits that buffer  
is discarded, but for the bash builtin it hangs around in the buffer  
for a while and ends up getting prepended to the following echo  
statement.  There's actually multiple ways to make this fail; this is  
just the simplest.

Cheers,
Kyle Moffett

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ