lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 14 Jun 2011 10:59:41 -0700
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Denys Vlasenko <vda.linux@...glemail.com>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: Linux 3.0-rc3

On Tue, Jun 14, 2011 at 5:15 AM, Denys Vlasenko
<vda.linux@...glemail.com> wrote:
>
> I've got a patch for my project to fix parsing of kernel version which
> has only two numbers. Basically,
>
> - scanf(ver, "%u.%u.%u", &a, &b, &c)
> + sscanf(ver, "%u.%u", &a, &b)

Please just fix it.

The projects that care about kernel version are buggy in so many ways
that it's not funny.

It's not just the "two versus three digits" bug either. The *bigger*
bug is usually that the tests are done the wrong way entirely, namely
to fail when you cannot parse the version. And that's just f*%!ing
stupid!

If you cannot parse the version, then rather than fail, a project
should have gone "uh, it's some future version that I don't recognize
or some other OS entirely, so I'll just do whatever the most modern
thing is". Having an "assert()" or returning an error is just the mark
of incompetence.

So please just fix things. Preferably by removing the version check
entirely, but if you really feel that you cannot do that, then AT
LEAST realize that the reason you're looking at the version is to
support *old* versions, not new ones, and make the logic work that way
(so that next time around, when we change the version numbers to be
sanscrit characters and you fail parsing them *again*, you don't
actually fail, you just go "oh, this is modern" and go on with your
life).

In other words: don't be stupid.

Ok?

                      Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ