| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <17249.1338473462@redhat.com>
Date: Thu, 31 May 2012 15:11:02 +0100
From: David Howells <dhowells@...hat.com>
To: Rusty Russell <rusty@...tcorp.com.au>
Cc: dhowells@...hat.com, kyle@...artin.ca,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, keyrings@...ux-nfs.org
Subject: Re: [PATCH 00/23] Crypto keys and module signing
Rusty Russell <rusty@...tcorp.com.au> wrote:
> > That then adds 5 bytes to the magic string. Is that really so bad?
>
> Yes, because it's unnecessary.
I'm sorry Rusty, but this argument is disingenuous.
Yes, a length field in the file is unnecessary - BUT SO TOO is scanning! By
this argument, your idea is really so bad too. It's all about the trade off
one chooses to make. I do not accept your chosen trade off[*] as being the
best one.
David
[*] And, yes, it *is* a trade off: you are trading CPU time and permanently
resident kernel code space in order to save a tiny amount of disk
space[**].
[**] Assuming 512 byte blocks and a 5 byte size field, probably fewer than 1%
of modules will expand sufficiently to consume an extra block. Further,
making it a 2-byte binary field would make it even less intrusive, both
in the file and in the module verifier.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists