| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YrD3jVuXC8eH+WRi@zx2c4.com>
Date: Tue, 21 Jun 2022 00:41:59 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Sebastian Siewior <bigeasy@...utronix.de>,
Jann Horn <jannh@...gle.com>, Theodore Ts'o <tytso@....edu>,
LKML <linux-kernel@...r.kernel.org>,
Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] random: Fix signal_pending() usage
On Mon, Jun 20, 2022 at 02:00:18PM -0500, Linus Torvalds wrote:
> Handling signals is the *default* behavior. It is only regular files
> where that doesn't happen. This is not a regular file, and the "it's
> about security" is not an argument.
>
> As mentioned, expecting an uninterruptible read is not "security". It's garbage.
Indeed, practically speaking you are right. A few months back when I was
fixing this to respect signals in the first place (because it used to be
wrongly conditioned on need_resched()), I did some global code searches
to see if I'd break anything, and basically it seemed like anything that
used huge buffers handled EINTR, and only little buffers weren't filled
iteratively. So PAGE_SIZE would seem to widely handle the real code out
there. If this is to change as an API ease of use argument or
something, I'd expect the behavior to change across devices (/dev/zero
and such I mentioned earlier in mem.c), not just this one -- no need to
be a special snowflake -- which means convincing people to change
something pretty well established.
Jason
Powered by blists - more mailing lists