| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210428061706.GC5084@lst.de>
Date: Wed, 28 Apr 2021 08:17:06 +0200
From: Christoph Hellwig <hch@....de>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Christoph Hellwig <hch@....de>,
"Darrick J. Wong" <djwong@...nel.org>, Jia He <justin.he@....com>,
Al Viro <viro@...iv.linux.org.uk>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
linux-xfs <linux-xfs@...r.kernel.org>,
Dave Chinner <david@...morbit.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Eric Sandeen <sandeen@...deen.net>
Subject: Re: [GIT PULL] iomap: new code for 5.13-rc1
On Tue, Apr 27, 2021 at 01:05:13PM -0700, Linus Torvalds wrote:
> So how many _would_ be enough? IOW, what would make %pD work better
> for this case?
Preferably all.
> Why are the xfstest messages so magically different from real cases
> that they'd need to be separately distinguished, and that can't be
> done with just the final path component?
>
> If you think the message is somehow unique and the path is something
> secure and identifiable, you're very confused. file_path() is in no
> way more "secure" than using %pD4 would be, since if there's some
> actual bad actor they can put newlines etc in the pathname, they can
> do chroot() etc to make the path look anything they like.
Nothing needs to be secure. It just needs to not scare users because
they can see that the first usually two components clearly identify
this is the test file system.
Powered by blists - more mailing lists