lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 08 Jan 2024 13:55:50 +0000
From: David Howells <dhowells@...hat.com>
To: Minjie Du <duminjie@...o.com>
Cc: dhowells@...hat.com, linux-cachefs@...hat.com,
    linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1] netfs: use kfree_sensitive() instend of kfree() in fscache_free_cookie()

Minjie Du <duminjie@...o.com> wrote:

>  linux-cachefs@...hat.com (moderated
>  list:FILESYSTEMS [NETFS LIBRARY]), linux-fsdevel@...r.kernel.org (open
>  list:FILESYSTEMS [NETFS LIBRARY]), linux-kernel@...r.kernel.org (open list)

In future, could you edit the comments out of the email addresses, please?

> key might contain private information, so use kfree_sensitive to free it.
> In fscache_free_cookie() use kfree_sensitive().

There's no real point.  These are written as filenames (possibly base64-ish
encoded) on disk by cachefiles and represent the information given to the
server to indicate the file (in afs, for example, that's cell name, volume
name, vnode number).

David


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ