| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Jan 2008 11:38:00 +0000 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: Andi Kleen <andi@...stfloor.org> Cc: Alexey Dobriyan <adobriyan@...il.com>, akpm@...l.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] Remove BKL from sysctl(2) On 23 Jan 2008 12:09:05 +0100 Andi Kleen <andi@...stfloor.org> wrote: > Alan Cox <alan@...rguk.ukuu.org.uk> writes: > > > > There are cases that updating the corepath name and dumping a core at the > > same moment can result in the wrong thing being exec()'d or a file being > > opened which is a mix of the old and new name and could go anywhere. > > > > I see two variants on your patch that work > > > > #1 Replace the lock_kernel with a sysctl_update mutex and fix both > > paths > > #2 Add locking specifically to the corename path > > Doesn't that apply to pretty much all proc_dostring users, not just > corename? > > Some of them might be already broken if their readers don't take BKL. > Also possibly some of the proc_dointvec for multiple numbers. Yes - that's why I am wondering if we want a general 'sysctl' mutex or just to fix the specific case. The corename case is nasty as it is timing dependant against user activity rather than the less interesting "root can be silly" type of problem. If we have a general lock we can then fix the string cases, or even add a sysctl_string_get() type function. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists