Message-ID: <CAHk-=wg5jqTdjZrwbSsMsd=NUSi_acBHoLQmRDgNArMvXWj8bw@mail.gmail.com>
Date: Mon, 20 Jun 2022 14:00:18 -0500
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Sebastian Siewior <bigeasy@...utronix.de>
Cc: "Jason A. Donenfeld" <Jason@...c4.com>,
Jann Horn <jannh@...gle.com>, "Theodore Ts'o" <tytso@....edu>,
LKML <linux-kernel@...r.kernel.org>,
Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] random: Fix signal_pending() usage
On Mon, Jun 20, 2022 at 2:44 AM Sebastian Siewior <bigeasy@...utronix.de> wrote:
>
> Based on that, I don't see a problem dropping that signal check
> especially that requests larger than 4KiB are most likely exotic.

Why would we do that?

Anybody who doesn't handle -EINTR is a clown, not a security issue.

Your "6s isn't that bad" is ridiculous, since

 (a) 6 seconds is forever

 (b) there are issues like "oops, we're out of memory, you got a
signal because root is trying to kill your annoying stupid program
using top"

and the fact is, anybody who asks for more than a few kilo-*bits* from
the kernel is already doing something questionable to begin with, and
there is no reason to bend over backwards and try to make such a crazy
use suddenly act differently from ALL OTHER character devices.

Handling signals is the *default* behavior. It is only regular files
where that doesn't happen. This is not a regular file, and the "it's
about security" is not an argument.

As mentioned, expecting an uninterruptible read is not "security". It's garbage.

                Linus