lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <CYS7WMFLXNE1.35OBTKTONKNX3@suppilovahvero>
Date: Tue, 30 Jan 2024 19:30:16 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Jarkko Sakkinen" <jarkko@...nel.org>, "Verma, Vishal L"
 <vishal.l.verma@...el.com>, "zohar@...ux.ibm.com" <zohar@...ux.ibm.com>,
 "paul@...l-moore.com" <paul@...l-moore.com>, "dhowells@...hat.com"
 <dhowells@...hat.com>, "yaelt@...gle.com" <yaelt@...gle.com>,
 "serge@...lyn.com" <serge@...lyn.com>, "nichen@...as.ac.cn"
 <nichen@...as.ac.cn>, "sumit.garg@...aro.org" <sumit.garg@...aro.org>,
 "jmorris@...ei.org" <jmorris@...ei.org>
Cc: "Jiang, Dave" <dave.jiang@...el.com>, "linux-integrity@...r.kernel.org"
 <linux-integrity@...r.kernel.org>, "linux-cxl@...r.kernel.org"
 <linux-cxl@...r.kernel.org>, "linux-kernel@...r.kernel.org"
 <linux-kernel@...r.kernel.org>, "Williams, Dan J"
 <dan.j.williams@...el.com>, "keyrings@...r.kernel.org"
 <keyrings@...r.kernel.org>, "linux-security-module@...r.kernel.org"
 <linux-security-module@...r.kernel.org>, "nvdimm@...ts.linux.dev"
 <nvdimm@...ts.linux.dev>
Subject: Re: [PATCH] KEYS: encrypted: Add check for strsep

On Tue Jan 30, 2024 at 7:22 PM EET, Jarkko Sakkinen wrote:
> On Wed Jan 24, 2024 at 11:10 PM EET, Verma, Vishal L wrote:
> > On Wed, 2024-01-24 at 15:40 -0500, Mimi Zohar wrote:
> > > On Wed, 2024-01-24 at 20:10 +0000, Verma, Vishal L wrote:
> > > > > 
> > > > Ah, thanks for confirming! Would you like me to send a revert patch or
> > > > will you do it?
> > > 
> > > Revert "KEYS: encrypted: Add check for strsep"
> > >     
> > > This reverts commit b4af096b5df5dd131ab796c79cedc7069d8f4882.
> > >     
> > > New encrypted keys are created either from kernel-generated random
> > > numbers or user-provided decrypted data.  Revert the change requiring
> > > user-provided decrypted data.
> > > 
> > > 
> > > Can I add your Reported-by?
> >
> > Yes that works, Thank you.
>
> This went totally wrong IMHO.
>
> Priority should be to locate and fix the bug not revert useful stuff
> when a bug is found that has limited scope.

By guidelines here the commit is also a bug fix and reverting
such commit means seeding a bug to the mainline. Also the klog
message alone is a bug fix here. So also by book it really has
to come back as it was already commit because we cannot
knowingly mount bugs to the mainline, right?

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ