lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YrD3jVuXC8eH+WRi@zx2c4.com>
Date:   Tue, 21 Jun 2022 00:41:59 +0200
From:   "Jason A. Donenfeld" <Jason@...c4.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Sebastian Siewior <bigeasy@...utronix.de>,
        Jann Horn <jannh@...gle.com>, Theodore Ts'o <tytso@....edu>,
        LKML <linux-kernel@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] random: Fix signal_pending() usage

On Mon, Jun 20, 2022 at 02:00:18PM -0500, Linus Torvalds wrote:
> Handling signals is the *default* behavior. It is only regular files
> where that doesn't happen. This is not a regular file, and the "it's
> about security" is not an argument.
> 
> As mentioned, expecting an uninterruptible read is not "security". It's garbage.

Indeed, practically speaking you are right. A few months back when I was
fixing this to respect signals in the first place (because it used to be
wrongly conditioned on need_resched()), I did some global code searches
to see if I'd break anything, and basically it seemed like anything that
used huge buffers handled EINTR, and only little buffers weren't filled
iteratively. So PAGE_SIZE would seem to widely handle the real code out
there.  If this is to change as an API ease of use argument or
something, I'd expect the behavior to change across devices (/dev/zero
and such I mentioned earlier in mem.c), not just this one -- no need to
be a special snowflake -- which means convincing people to change
something pretty well established.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ