lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 19 Nov 2007 17:14:55 +0100
From:	Eric Dumazet <dada1@...mosbay.com>
To:	Ulrich Drepper <drepper@...hat.com>
Cc:	linux-kernel@...r.kernel.org, akpm@...ux-foundation.org,
	mingo@...e.hu, tglx@...utronix.de, torvalds@...ux-foundation.org
Subject: Re: [PATCHv3 0/4] sys_indirect system call

On Mon, 19 Nov 2007 07:48:23 -0800
Ulrich Drepper <drepper@...hat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Eric Dumazet wrote:
> > So when you recompile your old program (as you post it and as I commented on),
> > it will pass a >= 12 bytes data to kernel, with only first 4 bytes set to O_CLOEXEC.
> > 
> > Other bytes will contain junk 
> 
> If you don't initialize the entire structure and you use it all, of
> course you get undefined behavior.  That's nothing new.  The program I
> attached is not an example, it's a test for the functionality in this patch.
> 
> Like with every kernel interface, you have to use it correctly.  The
> good news is that user programs should never use this syscall directly
> (just like don't for existing ones).
> 
> I see no problem at all here.

I do see a problem, because some readers will take your example as a reference,
as it will probably sit in a page that google^Wsearch_engines will bring at the
top of search results for next ten years or so. 

(I bet for "sys_indirect syscall" -> http://lwn.net/Articles/258708/ )

Next time you post it, please warn users that it will break in some years, or
state clearly this should only be used internally by glibc.

Thank you
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ