Message-ID: <m1zlw45g05.fsf@ebiederm.dsl.xmission.com>
Date:	Fri, 21 Dec 2007 06:33:46 -0700
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	"Jan Beulich" <jbeulich@...ell.com>
Cc:	<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] constify tables in kernel/sysctl_check.c

"Jan Beulich" <jbeulich@...ell.com> writes:

>>>> Eric W. Biederman <ebiederm@...ssion.com> 21.12.07 00:05 >>>
>>"Jan Beulich" <jbeulich@...ell.com> writes:
>>
>>> Remains the question whether it is intended that many, perhaps even
>>> large, tables are compiled in without ever having a chance to get used,
>>> i.e. whether there shouldn't #ifdef CONFIG_xxx get added.
>>
>>
>>The constification looks good.  The file should be compiled only when
>>we have sysctl support.  We use those tables when we call 
>>register_sysctl_table.  Which we do a lot.
>
> I understand this. Nevertheless, the tables take 23k on 64-bits, and many
> of them are unused when certain subsystems aren't being built (and some
> are even architecture specific). The arlan tables are a particularly good
> example, but the netfilter ones are pretty big and probably not always
> used, too.

The size isn't my favorite thing.  But given how much of a mess sysctl_check.c
has allowed me to clean up and get a handle on, I'm not inclined to do
anything that would compromise the checking.

Probably the sanest way to remove table entries is to individually remove and
deprecate parts of the binary sys_sysctl interface so that we don't need the
table entries.

Maybe we could throw in a few #ifdefs and #defines so we can reduce
the set of allowed sysctl entries even more based on config options.

I'm not volunteering to do more than is absolutely necessary to keep
sys_sysctl working and correct until we reach a point where everyone
can agree that users of the interface truly have had fair warning and
then I intend to delete all of the code that deals with the binary
sysctl interface.

Eric