lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <6101059.mmHSTVrola@wuerfel>
Date:	Tue, 20 Oct 2015 13:07:53 +0200
From:	Arnd Bergmann <arnd@...db.de>
To:	Jesper Nilsson <jesper.nilsson@...s.com>
Cc:	John Stultz <john.stultz@...aro.org>,
	Jesper Nilsson <jespern@...s.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	lkml <linux-kernel@...r.kernel.org>,
	"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
	Michael Kerrisk <mtk@...7.org>,
	Miroslav Lichvar <mlichvar@...hat.com>,
	Arnd Bergmann <arnd.bergmann@...aro.org>
Subject: Re: [RESEND PATCH] timerfd: Allow TFD_TIMER_CANCEL_ON_SET with relative timeouts

On Tuesday 20 October 2015 10:59:34 Jesper Nilsson wrote:
> On Tue, Oct 20, 2015 at 10:18:22AM +0200, Arnd Bergmann wrote:
> > On Monday 19 October 2015 11:53:25 John Stultz wrote:
> > > 
> > > But yea. At the same time I get you want to avoid user-pain like in
> > > the case of the badly initialized RTC, but in that case would
> > > returning 0 for RTC reads greater then y2038 on 32 bit systems be a
> > > more sane fix?
> > 
> > I like that idea. In theory we could go further and check that the RTC
> > is somewhere between 2015 and 2037 (or higher on 64-bit systems) but
> > return 0 (1970) for anything that is outside of that range. That might
> > have side-effects for users that have a legitimate reason to backdate
> > their clocks though.
> 
> This is how the RTC framework used to handle it before the referenced
> patch in my original mail, so a reversal (conditional on 32bit)
> would solve that part of the problem.

I thought about it some more and unfortunately fail to see a long-term
strategy here. In the future, a kernel will support user space with
either 32-bit or 64-bit time_t, in different tasks.

Going back to the wraparound means that the 64-bit time_t based
tasks won't work beyond 2038 either, but as you say the current
code breaks things that used to work.

I would like to introduce a Kconfig symbol like CONFIG_Y2038_UNSAFE
defaults to on, but can be disabled on 32-bit architectures in order
to leave out all known unsafe code from the kernel (including the
existing system calls that pass a time argument). We could possibly
use that as a guard here as well, to only use the 64-bit time
variant if CONFIG_Y2038_UNSAFE is disabled, but it would be nice
to have a kernel that can run the old binaries and that is also
working beyond 2038 when used with new binaries.

Note that the same problem you see now also exists on all 64-bit
architectures running 32-bit user space, and has been like that
since the start.

> It also looks like Miroslav's patch will handle the other cases of a
> accidental user initiated set of a bad date or a maliciously set NTP.
> Though, from my point of view, a wrap-around to 1970 would be just as valid
> as a jump one week in the past.
> 
> What's the current status of that patch?

It's basically NAKed.

	Arnd
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ