lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <532D5D83.4000101@ahsoftware.de>
Date:	Sat, 22 Mar 2014 10:53:07 +0100
From:	Alexander Holler <holler@...oftware.de>
To:	Andrew Morton <akpm@...ux-foundation.org>
CC:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] initramfs: print error and shell out for unsupported
 content

Am 22.03.2014 00:07, schrieb Alexander Holler:
> Am 21.03.2014 23:55, schrieb Andrew Morton:

>> Should we check for \t and \n as well?
>
> Hmm, maybe. But usually there aren't filenames wich do contain those
> characters, and if you want to break (or exploit) the kernel build
> process, there are easier ways. But colons and spaces are more widely
> used, e.g. the colons in my initramfs were generated by bluez (look at
> /var/lib/bluetooth).
>
> I think the current process is good enough for most stuff one wants to
> put into an initramfs, and it has the great feature of the uid/guid
> translation.
> So just a quick check to avoid the most basic problems should be ok. And
> I don't really see a need to check for \t and \n too, because nobody
> sane uses them in filenames. But ok, that just would be a few chars more
> in the regex for find. ;)
>
> I leave that up to you.

Sorry for that answer, but I dislike the process which turns patch 
posters into remote keyboards quiet a lot.

When I post a patch I usually already have spend time to discover, 
investigate, describe, fix the problem (as good as I can or I'm 
willing), write a checkpatch conforming patch, and test that patch, 
which most of the time sums up to several hours (I didn't want to spend 
at all).

And then all kind of comments are arriving to change this and that and 
fix that typo or remove that space and the patch ping pong starts until 
an arbitrary maintainer or reviewer is happy.

I think the process should be more like that:

- patch posted
(- comments from maintainer)
- original patch commited
- patch from maintainer or reviewer on top of the original patch commited

That would give credits to both, the original patch poster and the 
maintainer or reviewer (for his changes).

Of course, that isn't an ideal solution, but I would like it a lot, if 
such a process would at least be seen as a possible and reasonable way, 
even if it means that two patches instead of one do end up in the 
repository.
To keep things together, maybe the second patch could be marked as 
[maintainer patch] or [reviewer patch], that would make it clear that 
both patches tie together and should be reverted both, if needed.

Anyway, I'm drifting offtopic, but that was something I always wanted to 
suggest.

But the real reason why I've started to write this mail, is that it 
might make sense to delete usr/.initramfs_data.cpio.d with a make 
(dist)clean. That file is the reason why the bug with colons might drive 
people crazy, because not even a make distclean (or git clean -df) will 
make make working again after a broken usr/.initramfs_data.cpio.d was 
build (with colons in filenames).

Maybe I will post a patch for that too, if I'm willing to do and test it 
(together with a v3 of the patch which checks for \t \n and \r too).

Regards,

Alexander Holler

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ