| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20080208135816.f242a846.akpm@linux-foundation.org> Date: Fri, 8 Feb 2008 13:58:16 -0800 From: Andrew Morton <akpm@...ux-foundation.org> To: ebiederm@...ssion.com (Eric W. Biederman) Cc: hs4233@...l.mn-solutions.de, michael-lists@...e-electrons.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH] sysctl: allow embedded targets to disable sysctl_check.c On Fri, 08 Feb 2008 03:36:41 -0700 ebiederm@...ssion.com (Eric W. Biederman) wrote: > Andrew Morton <akpm@...ux-foundation.org> writes: > > > On Thu, 7 Feb 2008 14:38:58 +0100 Holger Schurig <hs4233@...l.mn-solutions.de> > > wrote: > > > >> Disable sysctl_check.c for embedded targets. This saves about about 11 kB > >> in .text and another 11 kB in .data on a PXA255 embedded platform. > >> > > > > Nice improvement. But iirc sysctl_check was overtly a temporary thing. > > Eric, was that the intention? > > Well so far sysctl_check has been a remarkably effective little piece of code > in catching a great many long over looked bugs. > > I do agree that the static tables are big. My current inclination is to modify > sys_sysctl so that it does a look up in the binary tables to find the ascii > names and then sys_sysctl can lookup the information in the ascii tables. > > If we do that we can completely remove ctl_name form the external sysctl data > structures, which should save us quite a bit of space and make it absolutely > impossible to add a new binary name. And with the current ability to compile > out sys_sysctl the embedded folks would get their space savings. > > I believe the only tricky bit is there are a few places in the network code > where we need to translate from ifindex to interface name. Otherwise > the mapping is fixed. > > No that isn't quite right. Getting the binary to ascii translation for the > values is also a bit tricky. > > As for the rest of the checks I don't know if they are that big. If they > are then an option to compile them out on embedded platforms where you > know what you are doing makes sense. At the same time sysctl has been so > badly abused in the past, and so very many bugs have been over looked > that I am extremely reluctant to disable simple sanity checks at > registration time. > > If we can remove the need for sysctl users to implement the binary > interface many of those checks go completely away as the reason for their > existence would be gone. > > I have seen to many absolutely horrible things in the usage of the sysctl > tables to be happy with an option that removes the sanity checks at this > point, although the patch likely makes sense from a code size perspective. > > Let's see if we can find a bit of time to make those big tables completely > specific to sys_sysctl and kill ctl_name in the kernel. Long term that is > a whole lot more maintainable, and smaller for everyone who can disable > sys_sysctl. mm... I'm inclined to merge the patch. It's a decent saving, and it requires CONFIG_EMBEDDED which most people don't appear to set. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists