Message-ID: <m1hazke1ng.fsf@fess.ebiederm.org>
Date:	Tue, 24 Jan 2012 22:28:51 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Earl Chew <echew@...acom.com>, Ingo Molnar <mingo@...e.hu>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Eric Paris <eparis@...hat.com>,
	"Serge E. Hallyn" <serge.hallyn@...onical.com>,
	"linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>,
	<adobriyan@...il.com>
Subject: Re: [PATCH] Support single byte reads from integers published in procfs by kernel/sysctl.c

Andrew Morton <akpm@...ux-foundation.org> writes:

> On Mon, 23 Jan 2012 08:47:51 -0800
> Earl Chew <echew@...acom.com> wrote:
>
>> > Rereading different bytes of the integer multiple times when the integer
>> > may be changing does not seem like a reasonable implementation.
>> 
>> Yes. I agree with you. I shall re-work the patch as per your suggestion.
>
> Yes, this is a bug and procfs should support byte-at-a-time reading of these
> strings.  And yes, they are strings!  Of digits.
>
> We fixed an instance of this in procfs a while ago (maybe a year ago?).
> But I forget where it was.  It is surprising that a bug of this nature
> survived so long.

In the one value per file take on things where the expectation and
normal practice is to read or write the entire file not just a little
bit of it, I don't think it is that surprising.

At the same time I am more embarrassed that not long ago a bug was added
to sysctl where if someone makes a sysctl file pollable and then removes
the module we can oops the kernel merely by keeping that file open.  So
far we are safe because no one has used the polling support on anything
that is modular but... 

Eric