lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140218232702.GA26051@redhat.com>
Date:	Tue, 18 Feb 2014 18:27:02 -0500
From:	Dave Jones <davej@...hat.com>
To:	David Rientjes <rientjes@...gle.com>
Cc:	Akinobu Mita <akinobu.mita@...il.com>,
	Linux Kernel <linux-kernel@...r.kernel.org>,
	Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH] Set bounds on what /proc/self/make-it-fail accepts.

On Tue, Feb 18, 2014 at 02:32:02PM -0800, David Rientjes wrote:
 > On Tue, 18 Feb 2014, Dave Jones wrote:
 > 
 > > /proc/self/make-it-fail is a boolean, but accepts any number, including
 > > negative ones. Change variable to unsigned, and cap upper bound at 1.
 > 
 > Hmm, this would break anything that uses anything other than one to enable 
 > it, but it looks like Documentation/fault-injection/fault-injection.txt 
 > only provides an example for when it does equal one, so it's probably an 
 > ok change.  I'm just wondering why non-zero is wrong?  Is this an 
 > interface that will be extended to support other modes?

"Wrong" is perhaps too strong a word, but we only ever check it for non-zero state,
so it seems at best suboptimal to allow strange configurations.

When I saw I could set it to nonsense values like -1, I figured it could
use some idiot proofing. The lack of any checking at all surprised me.

Future extension of this interface seems unlikely given the boolean sounding name.
(Though we've done that in the past with things like the overcommit_memory sysctl,
 with pretty awful end-user results).

	Dave

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ