lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGk-QBvLKnW7NWTHz0r3hRY7w3Pj_2ZoNy4Nowgu5ydJEDstfw@mail.gmail.com>
Date:	Sun, 13 Sep 2015 20:39:31 +0800
From:	Sean Fu <fxinrong@...il.com>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	Steven Rostedt <rostedt@...dmis.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Austin S Hemmelgarn <ahferroin7@...il.com>,
	Andrey Ryabinin <ryabinin.a.a@...il.com>,
	Ulrich Obergfell <uobergfe@...hat.com>,
	Prarit Bhargava <prarit@...hat.com>,
	Eric B Munson <emunson@...mai.com>,
	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
	Johannes Weiner <hannes@...xchg.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Don Zickus <dzickus@...hat.com>,
	Heinrich Schuchardt <xypron.glpk@....de>,
	David Rientjes <rientjes@...gle.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kernel/sysctl.c: If "count" including the terminating
 byte '\0' the write system call should retrun success.

On Sat, Sep 12, 2015 at 1:01 AM, Eric W. Biederman
<ebiederm@...ssion.com> wrote:
> Sean Fu <fxinrong@...il.com> writes:
>
>>> Sounds like a reasonable compromise. Sean, can you make a patch that
>>> only affects the one proc file (comment it well in the code), and have
>>> it accept nothing past the '\0'. Even if someone passed in "1 \0 2", it
>>> would only see "1 "
>> The current code uses uniform handler (e.g. "proc_dointvec") for all
>> same type proc file.
>> So all integer type proc file are affected.
>
> No.  I do not believe the proprietary binary application you are dealing
> with writes to all proc files that use the proc_dointvec handler.
I means all ctl_table whose .proc_handler is "proc_dointvec" are affected.
>
>> In fact, The behavior of all integer type proc file should be changed.
>
> Not at all.  The only files that we can possibly justify changing today
> are the files where an actual regression is being observed.
>
> Because quite frankly 5 years is way too long to wait to report a
> regression.  By and large software is reasonable and treats proc
> files as text files where '\0' is an invalid character.
5 years is not enough long for distros, specially enterprise distros.
The most of HuaWei machines run our SLES10sp3(2.6.16, SUSE LINUX
ENTERPRISE SERVER).
They use one enterprise version for 5+ years usually.
>
> Accepting a '\0' is not at all reasonable for a text interface.  The
> application that does it is buggy.
It is hard to comprehend that the current kernel can accept  two bytes
"1 ", "1\t", "1\n" except "1\0".
>
> Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ