lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Sep 2015 09:51:45 -0400 From: Steven Rostedt <rostedt@...dmis.org> To: Sean Fu <fxinrong@...il.com> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, Andrew Morton <akpm@...ux-foundation.org>, Austin S Hemmelgarn <ahferroin7@...il.com>, Andrey Ryabinin <ryabinin.a.a@...il.com>, Ulrich Obergfell <uobergfe@...hat.com>, Prarit Bhargava <prarit@...hat.com>, Eric B Munson <emunson@...mai.com>, "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, Johannes Weiner <hannes@...xchg.org>, Thomas Gleixner <tglx@...utronix.de>, Don Zickus <dzickus@...hat.com>, Heinrich Schuchardt <xypron.glpk@....de>, David Rientjes <rientjes@...gle.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] kernel/sysctl.c: If "count" including the terminating byte '\0' the write system call should retrun success. On Tue, 15 Sep 2015 17:10:11 +0800 Sean Fu <fxinrong@...il.com> wrote: > According to POSIX standard, "The write() function shall attempt to > write nbyte bytes from the buffer pointed to by buf to the file > associated with the open file descriptor, fildes.". > So it is not the length of string(strlen). Why do we care about the "write()" function? Yeah, so be it. Send out as much data as you want. We care about the effects of the proc file system by the input it receives. You can send in X amounts of data. That's not broken. The only apps that would send out a string to the proc filesystem that includes "\0" and beyond is root kits. I'm sorry but your arguments are starting to go south. I'm starting to think that the app that broke is a root kit, and maybe it's best to just Nack this. -- Steve > > On Mon, Sep 14, 2015 at 4:05 AM, Steven Rostedt <rostedt@...dmis.org> wrote: > > On Sun, 13 Sep 2015 20:39:31 +0800 > > Sean Fu <fxinrong@...il.com> wrote: > > > > > >> > Accepting a '\0' is not at all reasonable for a text interface. The > >> > application that does it is buggy. > >> It is hard to comprehend that the current kernel can accept two bytes > >> "1 ", "1\t", "1\n" except "1\0". > > > > Um, it does not seem hard to comprehend at all. As this is a string, > > and it acts the same as a printf() or strlen. > > > > strlen("1 ") == 2 > > strlen("1\t") == 2 > > strlen("1\n") == 2 > > strlen("1\0") == 1 > > > > Big difference to me. > > > > -- Steve > > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists