Date:   Fri, 21 Apr 2017 14:14:51 +0200
From:   "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
To:     David Howells <dhowells@...hat.com>
Cc:     mtk.manpages@...il.com, lkml <linux-kernel@...r.kernel.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>, hch@...radead.org
Subject: Unchecked flags in statx(2) [Should be fixed before 4.11-final?]

Hello David,

I was reading your statx(2) man page, and noticed this text:

       Do not simply set mask to UINT_MAX as one or more bits may, in the
       future, be used to specify an extension to the buffer.

(Here, 'mask' is the fourth argument to statx().)

What is going on here? Why is there not a check in the code to
give EINVAL if any flag other than those in STATX_ALL (0x00000fffU)
is specified? (There is a check that gives EINVAL for flags in
STATX__RESERVED (0x80000000U), but STATX_ALL != ~STATX__RESERVED.)

Similarly, there appears to be no check for invalid flags in the
'flags' argument of statx(). Why is there also not such a check
there?

The failure to do these sorts of checks has been the source of grief 
in the past with other system calls.

Cheers,

Michael


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
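
The mask check the message describes, next to the stricter one it asks for, as an added userspace model that is not part of the original message and is not kernel source. The function names and STATX_HYPOTHETICAL_EXT are invented for the illustration; the two STATX constants are the values quoted in the message.

```c
/* Userspace model added for illustration; not kernel source. */
#include <errno.h>
#include <stdio.h>

#define STATX_ALL        0x00000fffU  /* value quoted in the message */
#define STATX__RESERVED  0x80000000U  /* value quoted in the message */
#define STATX_HYPOTHETICAL_EXT 0x00001000U  /* invented future bit (assumption) */

/* Check as the message describes it: only the reserved bit is rejected. */
int check_mask_lax(unsigned int mask)
{
    return (mask & STATX__RESERVED) ? -EINVAL : 0;
}

/* Check the message asks for: any bit outside STATX_ALL is rejected. */
int check_mask_strict(unsigned int mask)
{
    return (mask & ~STATX_ALL) ? -EINVAL : 0;
}

/* Bits the lax check accepts although no STATX_* flag defines them. */
unsigned int unchecked_bits(void)
{
    return ~(STATX_ALL | STATX__RESERVED);
}

/* Later release that assigns STATX_HYPOTHETICAL_EXT a meaning, given the
 * check the first release shipped with. Returns 1 if an unchanged caller now
 * takes the extended path, 0 if not, -EINVAL if the mask was never accepted. */
int future_kernel_path(unsigned int mask, int (*first_check)(unsigned int))
{
    int rc = first_check(mask);
    if (rc)
        return rc;
    return (mask & STATX_HYPOTHETICAL_EXT) ? 1 : 0;
}

int main(void)
{
    unsigned int sloppy = 0x7fffffffU;  /* constructed caller mask */
    printf("unchecked bits: 0x%08x\n", unchecked_bits());
    printf("lax=%d strict=%d\n", check_mask_lax(sloppy), check_mask_strict(sloppy));
    printf("future path after lax first release: %d\n",
           future_kernel_path(sloppy, check_mask_lax));
    return 0;
}
```

With the lax check, a caller that has always passed 0x7fffffff silently changes behaviour once one of the unchecked bits is given a meaning; with the strict check that caller would have received EINVAL from the first release.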
