lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20071106135845.GJ26163@stusta.de>
Date:	Tue, 6 Nov 2007 14:58:45 +0100
From:	Adrian Bunk <bunk@...nel.org>
To:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc:	pavel@....cz, torvalds@...ux-foundation.org, darwish.07@...il.com,
	casey@...aufler-ca.com, akpm@...ux-foundation.org,
	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, viro@....linux.org.uk
Subject: Re: [PATCH] Smackv10: Smack rules grammar + their stateful parser

On Tue, Nov 06, 2007 at 09:27:00PM +0900, Tetsuo Handa wrote:
> Hello.
> 
> Adrian Bunk wrote:
> > You have a "\?" pattern which is defined as "1 byte character other
> > than '/'".
> Don't worry. The "\?" pattern is for temporary files with /tmp/prefixXXXXXX pattern.
> /tmp/prefixXXXXXX is represented as /tmp/prefix\?\?\?\?\?\? in TOMOYO Linux's syntax.
> 
> > The user usually doesn't know how many bytes a character in a path or 
> > file name on his system has.
> The "\*" pattern is for this purpose which means more than 0 byte characters other than '/'.
> 
> TOMOYO supports various patterns
> http://tomoyo.sourceforge.jp/en/1.5.x/policy-reference.html#exception_policy.conf

And there you document \* as well as \? as wildcards for "pathname 
patterns".

And \* is not a replacement for \?. It's quite common to have both ways 
to express "one character" and to express "at least one character", and 
both have their use cases and will get used if available.

> TOMOYO Linux handles string using 7bit ASCII. In TOMOYO Linux,
> a byte 0x21 <= c <= 0x7E && c != 0x5C is represented as is,
> c == 0x5C is represented as \\,
> 0x01 <= c <= 0x20 || 0x7F <= c <= 0xFF is represented as \ooo style.
> c == 0x00 is not needed since it is used as end-of-string marker.
> This rule makes any string passed from/to kernel safely.

That's unrelated to this problem.

You talk about your internal byte representation.

But the problem is that in your code you only match one byte for \?, 
and this might or might not be equal to one character.

> Thanks.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ