lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <cfd18e0f0901131536v30d01881uec31e08000be883c@mail.gmail.com>
Date:	Wed, 14 Jan 2009 12:36:44 +1300
From:	"Michael Kerrisk" <mtk.manpages@...glemail.com>
To:	"Andrew Morton" <akpm@...ux-foundation.org>
Cc:	roland@...hat.com, torvalds@...ux-foundation.org,
	linux-kernel@...r.kernel.org, drepper@...hat.com,
	vegard.nossum@...il.com, linux-man@...r.kernel.org,
	stable@...nel.org
Subject: Re: [PATCH] sys_waitid: return -EFAULT for NULL

On Wed, Jan 14, 2009 at 12:24 PM, Andrew Morton
<akpm@...ux-foundation.org> wrote:
> On Wed, 14 Jan 2009 12:14:20 +1300
> "Michael Kerrisk" <mtk.manpages@...glemail.com> wrote:
>
>> On Wed, Jan 14, 2009 at 11:49 AM, Roland McGrath <roland@...hat.com> wrote:
>> > It's always been invalid to call waitid() with a NULL pointer.  It was an
>> > oversight that it was allowed (and acts like a wait4() call instead).
>> >
>> > Signed-off-by: Roland McGrath <roland@...hat.com>
>>
>> Modulo the observation that this change will break any Linux-specific
>> application that violate POSIX.1's requirement that infop not be NULL
>> (*), and rely on the existing Linux behavior for
>> waitd(idtype,id,NULL,options):
>>
>
> Well yes.  waitid() has been in there since 2.6.9.  I assume that it
> has had this wait4-emulation mode for that amount of time as well?

AFIACS, yes.

>> (*) It seems unlikely that such applications exist, and we really
>> should make this change for POSIX.1 conformance.
>
> Well, we might get away with it.  But formally speaking, we should live
> with our Linux-specific screwup.

Yes, tricky.  On the one hand, we shouldn't break the ABI.  On the
other hand, POSIX.1 is explicit in disallowing the case that would
lead the ABI change made by this patch.  (For what it is worth, the
man page was released at pretty much the same time as the syscall, and
has always documented that the return value on success was 0, and
Vegard was the first person to report this case that deviated from the
doc.)

> If we _are_ going to make this change then we should merge it as far
> back in -stable as we can, to reduce the risk that people will develop
> applications on kernel version A only to have then behave differently
> on version B.

Ack.

-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
git://git.kernel.org/pub/scm/docs/man-pages/man-pages.git
man-pages online: http://www.kernel.org/doc/man-pages/online_pages.html
Found a bug? http://www.kernel.org/doc/man-pages/reporting_bugs.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ