Message-ID: <5202A284.7010106@linuxtoys.org>
Date:	Wed, 07 Aug 2013 12:39:48 -0700
From:	Bob Smith <bsmith@...uxtoys.org>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC:	Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 001/001] CHAR DRIVERS: a simple device to give daemons
 a /sys-like interface

Greg Kroah-Hartman wrote:
>>   *    sudo chmod 666 /dev/proxyout /dev/proxyctrl
> That's mighty permissive :(
For a demo it might be OK.

BUT: I think I should modify the module to forward a close request
(write 0 bytes) only if the sender UID matched the proxy node's UID.
This might not be strictly required but is a security nice to have.


>>   *    gcc -o pxtest pxtest.c
>>   *    ./pxtest &
>>   *    cat /dev/proxyout    # view the output
>>   *    (switch to another terminal window)
>>   *    cat /dev/proxyctrl   # what is the offset?
>>   *    echo 2 > /dev/proxyctrl  # set offset to 2
>>   */
>
> I really don't understand this, you just have two programs talking to
> each other, passing the data blindly through the kernel.  Again, we
> already have over 10 different ways to do IPC these days, are you _sure_
> that _none_ of them work for you like this?  You have gone and looked at
> them all, right?

All along I've had a clear goal.  I want to configure a running program
the same way I configure the kernel.  It is simple and I don't need any
language bindings.
	cat /dev/proxyctrl   # what is the offset?
	echo 2 > /dev/proxyctrl  # set offset to 2

Yes, I am sure that nothing else will do.  A named pipe is the closest
but it has a buffer and is not bidirectional.   I am also convinced that
there is no way to do what I want with fewer lines of code.

thanks
Bob Smith
