Message-Id: <200910281947.31777.rjw@sisk.pl>
Date: Wed, 28 Oct 2009 19:47:31 +0100
From: "Rafael J. Wysocki" <rjw@...k.pl>
To: jim owens <jowens@...com>
Cc: Eric Paris <eparis@...isplace.org>,
Robert Hancock <hancockrwd@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Kernel Testers List <kernel-testers@...r.kernel.org>
Subject: Re: [Bug #14474] restorecond going crazy on 2.6.31.4 - inotify regression?

On Wednesday 28 October 2009, jim owens wrote:
> Rafael J. Wysocki wrote:
> > On Tuesday 27 October 2009, Eric Paris wrote:
> >> It's a restorecond bug. restorecon acted as if watch descriptors
> >> could never be reused. They weren't on old kernels and it's possible
> >> they are reused now. Restorecon was fixed.
> >>
> >> http://marc.info/?l=selinux&m=125380417916233&w=2
> >>
> >> A change in the kernel caused a buggy userspace program to break. I
> >> know how to put the kernel back the way it was, but I don't know if we
> >> call this a regression, you guys tell me.
> >
> > Yes, we do, AFAICS. The policy is not to break user space, even if it happens
> > to work by accident.
>
> But if we make a rule of "never break even bad user programs" then
> we also should never plug security holes because that breaks a
> user program expecting that attack vector :)

Well, that's why this rule is not carved in stone.

Clearly, there are some cases in which we can't afford keeping the buggy user
space happy, not only security-related.

Thanks,
Rafael