lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 23 May 2008 20:02:08 +0200
From:	Miklos Szeredi <miklos@...redi.hu>
To:	zippel@...ux-m68k.org
CC:	miklos@...redi.hu, hch@...radead.org,
	linux-fsdevel@...r.kernel.org, viro@...IV.linux.org.uk,
	linux-kernel@...r.kernel.org
Subject: Re: [patch 06/14] hfsplus: remove hfsplus_permission()

> > And so I strongly suggest this patch as well.  Apparently this feature
> > is not even used by anybody, otherwise somebody would have noticed
> > when Trond's fix broke execute permission checking on regular files...
> 
> And I'm very strongly against this.
> If you wanted to rip out the resource inode logic, it would be more than 
> this.
> At worst this code does nothing right now, so why this sudden rush to 
> remove this without even an attempt of fixing it?

Because

 a) it's nontrivial to fix (even understanding the problem is
 nontrivial, see Documentation/filesystems/directory-locking)

 b) the feature is obviously unused, so the easiest fix is simply to
 remove it for the time being.

We generally don't leave code around which is known to be deadlockable
by unprivileged users.  Of course if you have a better fix, then
that's fine.

Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists