| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Mar 2015 14:42:02 +0000 From: Mark Rutland <mark.rutland@....com> To: Frank Rowand <frowand.list@...il.com> Cc: Russell King - ARM Linux <linux@....linux.org.uk>, Rob Herring <robherring2@...il.com>, Rob Herring <robh+dt@...nel.org>, "grant.likely@...aro.org" <grant.likely@...aro.org>, Michal Marek <mmarek@...e.cz>, Ian Campbell <ijc+devicetree@...lion.org.uk>, Kumar Gala <galak@...eaurora.org>, Leif Lindholm <leif.lindholm@...aro.org>, Pawel Moll <Pawel.Moll@....com>, "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, "linux-kbuild@...r.kernel.org" <linux-kbuild@...r.kernel.org>, Linux Kernel list <linux-kernel@...r.kernel.org> Subject: Re: [patch 2/7] dt: dtb version: document chosen/dtb-info node binding > > You must be *absolutely* *sure* that you want to export this information, > > and that you are absolutely happy with the consequences which would occur > > should userspace then start using this information in a way which you did > > not intend, which could very well block you from ever being able to change > > the version number from a prescribed "this version number makes userspace > > work" value. > > I understand the concern you are expressing. And I agree it is an issue to > be concerned about and not dismissed. But I also think that the concern is > mis-characterizing the "DTB version". To pick on the example in patch 0, > an analogous Linux version is "#5" (not "4.0.0"): > > Linux version 4.0.0-rc4-dirty (frank@...ldhost) (gcc version 4.6.x-google 20120106 (prerelease) (GCC) ) #5 SMP PREEMPT Wed Mar 18 20:04:48 PDT 2015 > > and the proposed DTB version is "#4": > > DTB version 4.0.0-rc4-dirty (frank@...ldhost) (DTC 1.4.0-dirty) #4 Wed Mar 18 20:04:11 PDT 2015 > > I don't think the concern holds for "#5" and "#4". > > I will concede that there is something unique in the proposed DTB version - > the source code system commit version number (in this example "4.0.0-rc4-dirty" > from git). The problem that Russell is describing is that regardless of the origin and intended purpose of the value, some consumer of the value will decide that some arbitrary value means something special to them (even if it does not), and when this changes thigns will break. So in that respect, it doesn't matter where the value came from or what you intend it to mean; it will almost certainly be abused. We try to avoid introducing fragile interfaces like these. Mark. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists