| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Nov 2010 07:52:27 +0100 From: Oliver Hartkopp <socketcan@...tkopp.net> To: David Miller <davem@...emloft.net> CC: urs@...ogud.escape.de, netdev@...r.kernel.org, drosenberg@...curity.com, security@...nel.org, torvalds@...ux-foundation.org Subject: Re: [PATCH] Fix CAN info leak/minor heap overflow On 09.11.2010 18:05, David Miller wrote: > From: Oliver Hartkopp <socketcan@...tkopp.net> > Date: Tue, 09 Nov 2010 08:52:21 +0100 > >> Once this patch is applied (and the procfs layout is changed anyway), i'd also >> like to send a patch from my backlog that would extend the procfs output for >> can-bcm with an additional drop counter. > > I find this kind of discussion extremely disappointing. > > All of this stuff you CAN guys do with procfs files and version > strings is completely wrong and bogus. > > Once you create a procfs file layout, you're basically stuck and you > can at best only reasonably add new fields at the end, you can't > really change existing fields. > > And sysfs would have been a lot more appropriate, you could use > attributes for each value you want to export and then just add new > sysfs attributes when you want to export new values which has very > clear semantics and backwards compatability implications. I admit that from my todays knowledge i would have done things differently. But the network layer information bits have been always exposed in /proc/net as it was in 2003 when we started the implementation on a 2.4.x kernel. There are netdriver infos in sysfs but no netlayer entries. >From my point of view the only thing could be to improve the current situation, which the posted patch does: - remove kernel addresses that were only relevant at implementation time - allow AF_CAN protocols to provide their own information due to their needs - provide inode numbers that can be found in procfs at several places => improvements for developers in userspace & kernelspace The patch has been discussed on SocketCAN ML and the filter entries have not been identified as a problem for userspace tools. E.g. /proc/net/can/stats is one of the entries that's used by userspace tools. IMHO the patch improves the historic situation and fixes the useless leakage of kernel addresses. Please consider to apply that procfs changes. Best regards, Oliver -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists