Message-ID: <Yh2sNtnBLt6HL/mw@owl.dominikbrodowski.net>
Date:   Tue, 1 Mar 2022 06:16:38 +0100
From:   Dominik Brodowski <linux@...inikbrodowski.net>
To:     "Jason A. Donenfeld" <Jason@...c4.com>
Cc:     linux-kernel@...r.kernel.org, Theodore Ts'o <tytso@....edu>
Subject: Re: [PATCH 2/2] random: don't let 644 read-only sysctls be written to

On Mon, Feb 28, 2022 at 02:37:43PM +0100, Jason A. Donenfeld wrote:
> We leave around these old sysctls for compatibility, and we keep them
> "writable" for compatibility, but even after writing, we should keep
> reporting the same value. This is consistent with how userspaces tend to
> use sysctl_random_write_wakeup_bits, writing to it, and then later
> reading from it and using the value.
> 
> Cc: Dominik Brodowski <linux@...inikbrodowski.net>
> Cc: Theodore Ts'o <tytso@....edu>
> Signed-off-by: Jason A. Donenfeld <Jason@...c4.com>
> ---
>  drivers/char/random.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index 116ebf50d791..06c6e15b5f3d 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -1669,6 +1669,13 @@ static int proc_do_uuid(struct ctl_table *table, int write, void *buffer,
>  	return proc_dostring(&fake_table, 0, buffer, lenp, ppos);
>  }
>  
> +/* The same as proc_dointvec, but writes don't change anything. */
> +static int proc_do_rointvec(struct ctl_table *table, int write, void *buffer,
> +			    size_t *lenp, loff_t *ppos)
> +{
> +	return write ? 0 : proc_dointvec(table, write, buffer, lenp, ppos);
> +}
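
Review bot: the write branch of proc_do_rointvec() returns 0 without touching *lenp or *ppos, so a writer is told the write succeeded while the value is silently discarded. The one-line comment above the function should say that this is deliberate, for compatibility with userspace that writes these sysctls and later reads them back, so that nobody later turns it into an error return without realising what depends on it. A smaller style point on the same line: the read branch passes `write` through to proc_dointvec() where it is already known to be 0; passing a literal 0, as proc_do_uuid() does in its proc_dostring() call just above, would make the read-only intent explicit.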

While it would be better if we could return -EINVAL or something like that,
I see the point of this patch:

	Reviewed-by: Dominik Brodowski <linux@...inikbrodowski.net>
