Open Source and information security mailing list archives
Date:   Fri, 12 Feb 2021 16:39:25 -0800
From:   Joe Perches <joe@...ches.com>
To:     "Eric W. Biederman" <ebiederm@...ssion.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Alexey Dobriyan <adobriyan@...il.com>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] proc: Convert S_<FOO> permission uses to octal

On Fri, 2021-02-12 at 17:44 -0600, Eric W. Biederman wrote:

> I certainly do not see sufficient consensus to go around changing code
> other people maintain.

Every patch by a non-maintainer that doesn't have commit rights to
whatever tree is just a proposal.

> My suggestion has the nice property that it handles all 512 different
> combinations.  I think that was the only real downside of Ingo's
> suggestion.  There are just too many different combinations to define
> a set of macros to cover all of the cases.

The treewide kernel use of octal vs symbolic permissions is ~2:1

There are about 11k uses of 4 digit octal values used for permissions
already in the kernel sources that are not in comments or strings.

$ git ls-files -- '*.[ch]' | xargs scc | sed 's/".*"//g' | grep -P -w '0[0-7]{3,3}' | wc -l
10818

(scc is a utility tool that strips comments from C source
 see: https://github.com/jleffler/scc-snapshots#readme)

vs:

$ git grep -w -P 'S_I[RWX][A-Z]{3,5}' | wc -l
5247

To my knowledge there just aren't many 4 digit octal uses in the
kernel sources that are _not_ permissions.

I believe the only non-permission 4 digit octal int uses not in
comments are:

include/uapi/linux/a.out.h
#define OMAGIC 0407
#define NMAGIC 0410
#define ZMAGIC 0413
#define QMAGIC 0314
#define CMAGIC 0421
#define N_STAB 0340

include/uapi/linux/coff.h
#define COFF_STMAGIC	0401
#define COFF_OMAGIC     0404
#define COFF_JMAGIC     0407     
#define COFF_DMAGIC     0410     
#define COFF_ZMAGIC     0413     
#define COFF_SHMAGIC	0443

fs/binfmt_flat.c:
	if ((buf[0] != 037) || ((buf[1] != 0213) && (buf[1] != 0236))) {

lib/inflate.c:
	((magic[1] != 0213) && (magic[1] != 0236))) {

And maybe those last 2 tests for gzip identification should be combined
into some static inline and use something other than magic constants.
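
One way the combined gzip check suggested above could look, as an added example that is not part of the original message and not kernel code. The helper and macro names are assumptions; the byte values are the octal constants from the two tests quoted above, and the length check is an addition the quoted tests do not have.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names; values are the constants from the quoted tests. */
#define GZIP_MAGIC_0     0x1f	/* 037 */
#define GZIP_MAGIC_1     0x8b	/* 0213 */
#define GZIP_MAGIC_1_ALT 0x9e	/* 0236, the alternate second byte both tests accept */

/* Positive form of the check: true when buf starts with a gzip magic. */
static inline bool is_gzip_magic(const unsigned char *buf, size_t len)
{
	if (!buf || len < 2)	/* never read past a short buffer */
		return false;
	return buf[0] == GZIP_MAGIC_0 &&
	       (buf[1] == GZIP_MAGIC_1 || buf[1] == GZIP_MAGIC_1_ALT);
}

/* The negated open-coded test as quoted from fs/binfmt_flat.c. */
static inline bool legacy_bad_magic(const unsigned char *buf)
{
	return (buf[0] != 037) || ((buf[1] != 0213) && (buf[1] != 0236));
}

/* Compare both forms over every two-byte prefix; 0 means equivalent. */
static int count_mismatches(void)
{
	int mismatches = 0;

	for (unsigned int a = 0; a < 256; a++) {
		for (unsigned int b = 0; b < 256; b++) {
			unsigned char buf[2] = { (unsigned char)a, (unsigned char)b };

			if (is_gzip_magic(buf, sizeof(buf)) == legacy_bad_magic(buf))
				mismatches++;
		}
	}
	return mismatches;
}

int main(void)
{
	printf("mismatches vs. open-coded test: %d\n", count_mismatches());
	return 0;
}
```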