lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080526104832.GG23261@elte.hu>
Date:	Mon, 26 May 2008 12:48:32 +0200
From:	Ingo Molnar <mingo@...e.hu>
To:	Theodore Tso <tytso@....edu>,
	Arjan van de Ven <arjan@...ux.intel.com>,
	Jan Kara <jack@...e.cz>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Greg KH <greg@...ah.com>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: Top 10 bugs/warnings for the week of March 23rd, 2008


* Theodore Tso <tytso@....EDU> wrote:

> On Mon, May 26, 2008 at 11:39:13AM +0200, Ingo Molnar wrote:
> > Exactly why is pulling an USB stick considered "stupid"? Last i checked 
> > there was no physical lock preventing users from doing that.
> > 
> > Sure, pulling a mounted USB stick is inconvenient ... for _us_ 
> > kernel developers. But the user really doesnt care and shouldnt 
> > care.
> 
> Because they could lose data?  Because if the kernel wakes up and 
> tries writing to the USB stick right as they pull it out, it could 
> physically damage the flash format?  I know, stupid reason...  :-)

user can lose data in many other ways, that's not the issue - the issue 
here is something very crutial: the kernel gets confused about a _very_ 
common user-triggerable condition.

That confusion must not happen in a modern OS and the kernel should be 
resilient and cope with such external events. And we must not 
deprioritize it with an incorrect "user did something stupid" tag... 
That argument might have been valid 15 years ago when floppies could be 
locked and you needed a needle to force-eject it but it is rather lame 
today when unplugging an USB stick is as easy as moving the mouse.

If there's something stupid here it's the kernel not dealing with that 
condition properly. Yes, the "user action" here looks "trivial" to the 
user but what happens below is indeed very hard technically, but who 
said that writing an OS from scratch would be an easy task? ;-)

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ