| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Mar 2014 10:53:07 +0100 From: Alexander Holler <holler@...oftware.de> To: Andrew Morton <akpm@...ux-foundation.org> CC: linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] initramfs: print error and shell out for unsupported content Am 22.03.2014 00:07, schrieb Alexander Holler: > Am 21.03.2014 23:55, schrieb Andrew Morton: >> Should we check for \t and \n as well? > > Hmm, maybe. But usually there aren't filenames wich do contain those > characters, and if you want to break (or exploit) the kernel build > process, there are easier ways. But colons and spaces are more widely > used, e.g. the colons in my initramfs were generated by bluez (look at > /var/lib/bluetooth). > > I think the current process is good enough for most stuff one wants to > put into an initramfs, and it has the great feature of the uid/guid > translation. > So just a quick check to avoid the most basic problems should be ok. And > I don't really see a need to check for \t and \n too, because nobody > sane uses them in filenames. But ok, that just would be a few chars more > in the regex for find. ;) > > I leave that up to you. Sorry for that answer, but I dislike the process which turns patch posters into remote keyboards quiet a lot. When I post a patch I usually already have spend time to discover, investigate, describe, fix the problem (as good as I can or I'm willing), write a checkpatch conforming patch, and test that patch, which most of the time sums up to several hours (I didn't want to spend at all). And then all kind of comments are arriving to change this and that and fix that typo or remove that space and the patch ping pong starts until an arbitrary maintainer or reviewer is happy. I think the process should be more like that: - patch posted (- comments from maintainer) - original patch commited - patch from maintainer or reviewer on top of the original patch commited That would give credits to both, the original patch poster and the maintainer or reviewer (for his changes). Of course, that isn't an ideal solution, but I would like it a lot, if such a process would at least be seen as a possible and reasonable way, even if it means that two patches instead of one do end up in the repository. To keep things together, maybe the second patch could be marked as [maintainer patch] or [reviewer patch], that would make it clear that both patches tie together and should be reverted both, if needed. Anyway, I'm drifting offtopic, but that was something I always wanted to suggest. But the real reason why I've started to write this mail, is that it might make sense to delete usr/.initramfs_data.cpio.d with a make (dist)clean. That file is the reason why the bug with colons might drive people crazy, because not even a make distclean (or git clean -df) will make make working again after a broken usr/.initramfs_data.cpio.d was build (with colons in filenames). Maybe I will post a patch for that too, if I'm willing to do and test it (together with a v3 of the patch which checks for \t \n and \r too). Regards, Alexander Holler -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists