| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Jun 2012 21:01:18 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Wanpeng Li <liwp.linux@...il.com> Cc: Fengguang Wu <fengguang.wu@...el.com>, Rob Landley <rob@...dley.net>, Alexander Viro <viro@...iv.linux.org.uk>, "Eric W. Biederman" <ebiederm@...ssion.com>, Lucas De Marchi <lucas.demarchi@...fusion.mobi>, "David S. Miller" <davem@...emloft.net>, Jan Kara <jack@...e.cz>, Mel Gorman <mgorman@...e.de>, Minchan Kim <minchan.kim@...il.com>, David Howells <dhowells@...hat.com>, James Morris <james.l.morris@...cle.com>, Ingo Molnar <mingo@...e.hu>, Michel Lespinasse <walken@...gle.com>, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, Gavin Shan <shangw@...ux.vnet.ibm.com> Subject: Re: [PATCH v2] remove no longer use of pdflush interface On Wed, 6 Jun 2012 11:21:27 +0800 Wanpeng Li <liwp.linux@...il.com> wrote: > >Secondly, this code will permit unprivileged users to flood the logs, > >by repeatedly reading /proc/sys/vm/nr_pdflush_threads. We try to avoid > >this, as it is a form of denial-of-service attack. > > > >This is a bit hard to fix. The typical way of addressing this is to > >use printk_once(), so the message only appears once per boot. But that > >doesn't work for a generic function - we'd need to add one bit of state > >to the ctl_table to do this. We can of course do that, but it's not > >obvious that it's _worth_ doing that just for handling obsolete > >entries. > > > >So perhaps the solution is to give up on the generic proc_obsolete() > >idea, and just add a handler specifically for nr_pdflush_threads, whcih > >uses printk_once(). > > What about modify the generic proc_obsolete just to put the warning message into > the buffer, then transfer to userspace, in order to users can see this warning.Do > you think this is a better idea? err, no. That's deliberately corrupting the output of an existing interface. In response to this change userspace might crash, hand over root privileges or tune to a porn channel. Instead we should yield a well-formed response such as "0" (or maybe non-zero, if a zero response might be unexpected) and inform the system operator via conventional means. ie: syslog. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists