lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 19 May 2008 14:24:37 +0200
From:	"Michael Kerrisk" <mtk.manpages@...glemail.com>
To:	"Miklos Szeredi" <miklos@...redi.hu>
Cc:	drepper@...hat.com, viro@...iv.linux.org.uk,
	akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
	linux-man@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] utimensat() non-conformances and fixes -- version 2

Miklos,

On Mon, May 19, 2008 at 11:50 AM, Miklos Szeredi <miklos@...redi.hu> wrote:
>> Regarding your suggestions above, are you meaning something like the
>> patch below?
>
> Yes.
>
>> The patch is a little less pretty than I'd like because of the need to
>> return EACCES or EPERM depending on whether (times == NULL).  In
>> particular, these lines in utimes.c:
>>
>> +     if (!times && error == -EPERM)
>> +             error = -EACCES;
>>
>> seem a little fragile (but maybe I worry too much).
>
> It's not only fragile, it's ugly as sin.  I'd rather do it this way:
>
> - initialize error to zero
> - if no write access then set error, and the ATTR_TIMES_UPDATE(*) flag
> - set error2 from result of notify_change()
> - if error is zero then return error2, otherwise return error
>
> (*) I've been mulling over the name and perhaps ATTR_OWNER_CHECK would
> be better, or something that implies that it's not really about
> updating the times, but about checking the owner.

This all makes sense, but...

> Also could you do the patch against the
>
>  git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git vfs-cleanups
>
> tree, which does big structural cleanups to do_utimes?

You keep moving the goalposts here...  First, it was provide an
obvious correct fix (for the non-conformances); then: can you cleanup
the owner checks; then: can you rewrite against my git tree...  My
time at the moment is fairly limited, and I have a problem: currently,
I'm not a git user.  That'll change soon, but I don't have the time to
change it now.  Can I just download a snapshot tarball of your git
changes somehwere?  Alternatively, when do you expect your changes to
make it into an rc?

Cheers,

Michael
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ