| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 13 Sep 2015 11:44:10 -0500 From: ebiederm@...ssion.com (Eric W. Biederman) To: Sean Fu <fxinrong@...il.com> Cc: Steven Rostedt <rostedt@...dmis.org>, Andrew Morton <akpm@...ux-foundation.org>, Austin S Hemmelgarn <ahferroin7@...il.com>, Andrey Ryabinin <ryabinin.a.a@...il.com>, Ulrich Obergfell <uobergfe@...hat.com>, Prarit Bhargava <prarit@...hat.com>, Eric B Munson <emunson@...mai.com>, "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, Johannes Weiner <hannes@...xchg.org>, Thomas Gleixner <tglx@...utronix.de>, Don Zickus <dzickus@...hat.com>, Heinrich Schuchardt <xypron.glpk@....de>, David Rientjes <rientjes@...gle.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] kernel/sysctl.c: If "count" including the terminating byte '\0' the write system call should retrun success. Sean Fu <fxinrong@...il.com> writes: > On Sat, Sep 12, 2015 at 1:01 AM, Eric W. Biederman > <ebiederm@...ssion.com> wrote: >> Sean Fu <fxinrong@...il.com> writes: >> >>>> Sounds like a reasonable compromise. Sean, can you make a patch that >>>> only affects the one proc file (comment it well in the code), and have >>>> it accept nothing past the '\0'. Even if someone passed in "1 \0 2", it >>>> would only see "1 " >>> The current code uses uniform handler (e.g. "proc_dointvec") for all >>> same type proc file. >>> So all integer type proc file are affected. >> >> No. I do not believe the proprietary binary application you are dealing >> with writes to all proc files that use the proc_dointvec handler. > I means all ctl_table whose .proc_handler is "proc_dointvec" are > affected. I mean this only deserves consideration because this is a regression report. I mean by limiting this to only the proc files that are written to by the weird program that broke we can minimize the chances that anything else will break. I do not believe that the weird program that broke writes to every proc file. Certainly I have not heard that asserted. >>> In fact, The behavior of all integer type proc file should be changed. >> >> Not at all. The only files that we can possibly justify changing today >> are the files where an actual regression is being observed. >> >> Because quite frankly 5 years is way too long to wait to report a >> regression. By and large software is reasonable and treats proc >> files as text files where '\0' is an invalid character. > 5 years is not enough long for distros, specially enterprise distros. > The most of HuaWei machines run our SLES10sp3(2.6.16, SUSE LINUX > ENTERPRISE SERVER). > They use one enterprise version for 5+ years usually. If you want to play by enterprise kernel rules please talk to your enterprise kernel support people. >> Accepting a '\0' is not at all reasonable for a text interface. The >> application that does it is buggy. > It is hard to comprehend that the current kernel can accept two bytes > "1 ", "1\t", "1\n" except "1\0". '\0' is not and has never been valid in a text file. proc files are a text interface. Expecting '\0' to be accepted is very strange, and apparently there is only one program in existence that does. That a trailing '\0' was ever accepted was due to a bug in the code. Accepting '\0' in general in a text interface is a very dangerous and buggy pattern so it must be done very carefully or else other regressions or bugs could be easily introduced. That no one has complained about this in the 5 years since the change happened strongly indicates this no one else cares. A very targeted very narrow regression fix that only handles a trailing '\0' and that only changes the behavior of proc files that matter is reasonable. Or do you volunteer to go out and test every program that has been written or updated to write to proc in the last 5 years (since the behavior changed) and verify that none of them in no circumstances depend upon failing if an trailing '\0' is included? If you can audit all of the code written in the last 5 years and verify that the change will not introduce problems for any other user space program we can talk about changing all of the proc files that use proc_dointvec. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists