| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YYuLmMxbKLqHD+ZW@kroah.com>
Date: Wed, 10 Nov 2021 10:06:32 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Ajay Garg <ajaygargnsit@...il.com>
Cc: Pavel Skripkin <paskripkin@...il.com>,
Jiri Slaby <jirislaby@...nel.org>,
Andy Shevchenko <andy.shevchenko@...il.com>, kernel@...il.dk,
David Laight <David.Laight@...lab.com>,
"linux-serial@...r.kernel.org" <linux-serial@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] tty: vt: keyboard: do not copy an extra-byte in
copy_to_user
On Wed, Nov 10, 2021 at 02:27:36PM +0530, Ajay Garg wrote:
> >
> > Ajay wants to be safe and he thinks, that relying on fact, that
> > strlen(func_table[kb_func]) < sizeof(user_kdgkb->kb_string) is not good
> > approach, since it's external for vt_do_kdgkb_ioctl. (I hope, I've
> > explained his idea in the right way)
> >
>
> That's right Pavel.
> Every function must work correctly as it "advertises", instead of
> relying on "chancy correctness" of the calls leading to the method.
That is not how the kernel works, sorry. Otherwise every function would
have to always verify all parameters passed to them, causing slow downs
and redundant checks everywhere.
When all users of functions are in the kernel tree itself, you can use
tools and manual verification that the code is correct, because those
are the only users of the functions.
thanks,
greg k-h
Powered by blists - more mailing lists