lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <650dc1b8-d801-2263-2e5c-eb833f2c4534@rasmusvillemoes.dk>
Date:   Wed, 28 Apr 2021 09:47:13 +0200
From:   Rasmus Villemoes <linux@...musvillemoes.dk>
To:     Gioh Kim <gi-oh.kim@...os.com>,
        Andy Shevchenko <andy.shevchenko@...il.com>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH] lib/string: sysfs_streq works case insensitively

On 28/04/2021 09.31, Gioh Kim wrote:
> On Wed, Apr 28, 2021 at 8:42 AM Andy Shevchenko
> <andy.shevchenko@...il.com> wrote:
>>

>>
>> Are you sure it’s good change? Sysfs is used for an ABI and you are opening a can of worms. From me NAK to this change without a very good background description that tells why it is safe to do.
> 
> https://www.spinics.net/lists/kernel/msg3898123.html
> My initial idea was making a new function: sysfs_streqcase.
> Andrew and Greg suggested making sysfs_streq to be case-insensitive.
> I would like to have a discussion about it.

1. That information should be in the commit log, not some random
babbling about case sensitivity of file systems.

2. So as Andy says, this is changing ABI for a whole lot of users in one
go. While it's _probably_ true that nobody would care (because it just
ends up accepting more strings, not fewer), your motivation seems to be
to replace uses of strncasecmp() to prevent "disableGARBAGE@#$@#@" to be
accepted as equivalent to "disable". I.e., those potential new users of
sysfs_streq() would have their ABI changed towards being less
permissive. That's a bigger change, with a higher chance of breaking
something. Do you even know if the maintainers of those drivers would
accept a switch to a case-insensitive sysfs_streq()?

Sorry, I really think you need a lot stronger motivation for introducing
either this change or a sysfs_strcaseeq().

Rasmus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ