lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALCETrXTP3AXmK1iT1z-m=N2Yw9pWbSiby3U+EO_TMhsKqM1yA@mail.gmail.com>
Date:	Wed, 15 Apr 2015 15:26:15 -0700
From:	Andy Lutomirski <luto@...capital.net>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Steven Rostedt <rostedt@...dmis.org>,
	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
	Jiri Kosina <jkosina@...e.cz>,
	Al Viro <viro@...iv.linux.org.uk>,
	Borislav Petkov <bp@...en8.de>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Arnd Bergmann <arnd@...db.de>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Tom Gundersen <teg@...m.no>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Daniel Mack <daniel@...que.org>,
	David Herrmann <dh.herrmann@...il.com>,
	Djalal Harouni <tixxdz@...ndz.org>
Subject: Re: [GIT PULL] kdbus for 4.1-rc1

On Wed, Apr 15, 2015 at 11:18 AM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> On Wed, Apr 15, 2015 at 11:11 AM, Greg Kroah-Hartman
> <gregkh@...uxfoundation.org> wrote:
>> On Wed, Apr 15, 2015 at 01:33:27PM -0400, Steven Rostedt wrote:
>>>
>>> I'll argue that you can't fix the later one. One thing that I've observed over
>>> the years of having faster computers is, as soon as you make it faster, people
>>> will write slower software.
>>>
>>> Currently the issue is that we have thousands of dbus queries, you make dbus
>>> 10x faster, I guarantee that people will write software with 10 thousand dbus
>>> queries and we are no better off than we are today.
>>
>> Then they get to buy a faster machine :)
>
> Is there actually a performance issue?
>
> I've seen this claimed, but I have never seen any actual numbers. What
> speeds up? By how much? is it actually measurable?
>
> Maybe they've marched past me in this thread-from-hell. But I can't
> recall having seen any (not now, not before).
>
> That said, I think the more serious issue is that if Luto complains
> about the capability-capturing code being completely broken, then
> people need to take that *seriously*.

To be fair: the userspace version in systemd is completely broken, and
v1 of kdbus's was completely broken.  v2's is, as far as I know, just
conceptually wrong and highly unlikely to be useful in any legitimate
fashion, but it's no longer obvious to me that it's exploitable.

(That being said, Eric doesn't like it, and I haven't re-read it
recently.  So it could still be completely broken.)

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ