lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 15 Sep 2015 09:51:45 -0400
From:	Steven Rostedt <rostedt@...dmis.org>
To:	Sean Fu <fxinrong@...il.com>
Cc:	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Austin S Hemmelgarn <ahferroin7@...il.com>,
	Andrey Ryabinin <ryabinin.a.a@...il.com>,
	Ulrich Obergfell <uobergfe@...hat.com>,
	Prarit Bhargava <prarit@...hat.com>,
	Eric B Munson <emunson@...mai.com>,
	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
	Johannes Weiner <hannes@...xchg.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Don Zickus <dzickus@...hat.com>,
	Heinrich Schuchardt <xypron.glpk@....de>,
	David Rientjes <rientjes@...gle.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kernel/sysctl.c: If "count" including the terminating
 byte '\0' the write system call should retrun success.

On Tue, 15 Sep 2015 17:10:11 +0800
Sean Fu <fxinrong@...il.com> wrote:

> According to POSIX standard,  "The write() function shall attempt to
> write nbyte bytes from the buffer pointed to by buf to the file
> associated with the open file descriptor, fildes.".
> So it is not the length of string(strlen).

Why do we care about the "write()" function? Yeah, so be it. Send
out as much data as you want. We care about the effects of the proc file
system by the input it receives. You can send in X amounts of data.
That's not broken. The only apps that would send out a string to the
proc filesystem that includes "\0" and beyond is root kits. I'm sorry
but your arguments are starting to go south. I'm starting to think that
the app that broke is a root kit, and maybe it's best to just Nack this.

-- Steve


> 
> On Mon, Sep 14, 2015 at 4:05 AM, Steven Rostedt <rostedt@...dmis.org> wrote:
> > On Sun, 13 Sep 2015 20:39:31 +0800
> > Sean Fu <fxinrong@...il.com> wrote:
> >
> >
> >> > Accepting a '\0' is not at all reasonable for a text interface.  The
> >> > application that does it is buggy.
> >> It is hard to comprehend that the current kernel can accept  two bytes
> >> "1 ", "1\t", "1\n" except "1\0".
> >
> > Um, it does not seem hard to comprehend at all. As this is a string,
> > and it acts the same as a printf() or strlen.
> >
> >         strlen("1 ") == 2
> >         strlen("1\t") == 2
> >         strlen("1\n") == 2
> >         strlen("1\0") == 1
> >
> > Big difference to me.
> >
> > -- Steve
> >

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists