Open Source and information security mailing list archives
 
Message-ID: <CA+55aFxVDub+aXyOrojz_yRCHHG50MnviOjP_-uRxKLuQRYXUw@mail.gmail.com>
Date:	Thu, 25 Apr 2013 08:43:09 -0700
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Jiri Slaby <jslaby@...e.cz>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Jiri Slaby <jirislaby@...il.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] TTY: fix atime/mtime regression

On Thu, Apr 25, 2013 at 5:40 AM, Jiri Slaby <jslaby@...e.cz> wrote:
>
> To revert to the old behaviour while still preventing attackers from
> guessing the password length, we update the timestamps in ten-second
> intervals by this patch.

Hmm. Why ten seconds? Wouldn't it make more sense to use some natural
boundary, like a full minute?

Also, if I read the code correctly, this can actually make time go
*backwards* for the inode when the tty is first created. So it would
seem to be much better for tty_get_inode_time() to be passed in the
pointer to the tty time to be updated, so that it can avoid doing a
backwards jump.

Finally, if you're just interested in the seconds (like you are),
don't use "current_kernel_time()" that unnecessarily does the whole
nsec calculation. Just do "get_seconds()".

IOW, the end result would be something like

  void tty_update_time(struct timespec *time)
  {
    unsigned long sec = get_seconds();
    sec -= sec % 60;
    if ((long)(sec - time->tv_sec) > 0)
      time->tv_sec = sec;
  }

(That whole "(long)(sec - time->tv_sec)" is to handle wrapping time
correctly, we don't want to stop updating the inode in 2038 on 32-bit
machines).

Hmm?

             Linus
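
The suggestion above as a user-space model, added here as an example and not part of the original message or the kernel tree: it counts how many timestamp changes a stat() poller would see for a burst of keystrokes under minute rounding, and checks the wrap-safe comparison at the 2038 boundary. The 32-bit types, the `now` parameter replacing get_seconds(), the helper names and the sample times are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit model: seconds counter is uint32_t, inode tv_sec is int32_t. */

/* Wrap-safe "sec is later than cur": subtract modulo 2^32, then test the sign. */
static int wrap_safe_later(uint32_t sec, int32_t cur)
{
    return (int32_t)(sec - (uint32_t)cur) > 0;
}

/* Constructed contrast (not from the thread): plain signed compare. */
static int naive_later(uint32_t sec, int32_t cur)
{
    return (int32_t)sec > cur;
}

/* Same logic as the snippet in the message, with "now" passed in
 * instead of read from get_seconds(). */
static void model_tty_update_time(int32_t *tv_sec, uint32_t now)
{
    uint32_t sec = now - now % 60;      /* round down to the full minute */
    if (wrap_safe_later(sec, *tv_sec))  /* never move the timestamp backwards */
        *tv_sec = (int32_t)sec;
}

/* Timestamp changes a stat() poller could see for a burst of keystrokes. */
static int observable_updates(int32_t start, const uint32_t *keys, int n)
{
    int changes = 0;
    for (int i = 0; i < n; i++) {
        int32_t before = start;
        model_tty_update_time(&start, keys[i]);
        changes += (start != before);
    }
    return changes;
}

int main(void)
{
    /* Constructed input: tty created 25 s into a minute, six keystrokes follow. */
    const uint32_t m = 1000000020u;     /* a multiple of 60 */
    const uint32_t keys[] = { m + 30, m + 31, m + 61, m + 62, m + 63, m + 119 };
    printf("6 keystrokes -> %d visible update(s)\n",
           observable_updates((int32_t)(m + 25), keys, 6));
    printf("2038 wrap: wrap-safe=%d naive=%d\n",
           wrap_safe_later(2147483700u, 2147483640),
           naive_later(2147483700u, 2147483640));
    return 0;
}
```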