| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1Kl7V2-00026B-20@be1.7eggert.dyndns.org> Date: Wed, 01 Oct 2008 21:36:39 +0200 From: Bodo Eggert <7eggert@....de> To: Eric Paris <eparis@...hat.com>, "Serge E. Hallyn" <serue@...ibm.com>, James Morris <jmorris@...ei.org>, linux-kernel@...r.kernel.org, sds@...ho.nsa.gov, morgan@...nel.org, selinux@...ho.nsa.gov, Arjan van de Ven <arjan@...radead.org> Subject: Re: [PATCH] capability: WARN when invalid capability is requested rather than BUG/panic Eric Paris <eparis@...hat.com> wrote: > Do we have any concern of a module being compiled against a new kernel > say with cap number 35 defined and then loaded into a kernel with only > 34 capabilities? Do we care about that forward compatibility? If we > care BUG is scary. EPERM would be the right thing since clearly on this > kernel the process can't possibly have cap #35. > > We really have 4 options (in the order I like them). > > 1) do nothing (garbage in garbage out, sometimes panic sometimes not) > 2) mask CAP_TO_INDEX (garbage in garbage out, no panic) > 3) BUG_ON(!cap_valid(flag)) (garbage in BUG out, no panic) > 4) WARN_ON/EPERM (garbage in EPERM out, no panic) 5) Use a macro or inline function to test for $cap <= $max_cap, eliminating the test in the final code. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists