lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20151106193135.GW22011@ZenIV.linux.org.uk>
Date:	Fri, 6 Nov 2015 19:31:35 +0000
From:	Al Viro <viro@...IV.linux.org.uk>
To:	David Laight <David.Laight@...LAB.COM>
Cc:	'David Holland' <dholland-tech@...bsd.org>,
	Alan Burlison <Alan.Burlison@...cle.com>,
	"Casper.Dik@...cle.com" <Casper.Dik@...cle.com>,
	David Miller <davem@...emloft.net>,
	"eric.dumazet@...il.com" <eric.dumazet@...il.com>,
	"stephen@...workplumber.org" <stephen@...workplumber.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [Bug 106241] New: shutdown(3)/close(3) behaviour is incorrect
 for sockets in accept(3)

On Fri, Nov 06, 2015 at 03:07:30PM +0000, David Laight wrote:

> > Oh, _lovely_.  So instead of continuation of that write(2) going down
> > the throat of something opened by unrelated thread, it (starting from a
> > pretty arbitrary point) will go into the descriptor the closing thread
> > passed to dup2().  Until it, in turn, gets closed, at which point we
> > are back to square one.  That, of course, makes it so much better -
> > whatever had I been thinking about that made me miss that?
> 
> Do I detect a note of sarcasm.
> 
> You'd open "/dev/null" (lacking a "/dev/error") and use that as the source fd.
> So any writes (etc) would be discarded in a safe manner, and nothing will block.

... and never close that descriptor afterwards?  Then why would you care whether
dup2() blocks there or not?  Are you seriously saying that there is any code
that would (a) rely on that kind of warranty and (b) not be racy as hell?

Until now everyone had been talking about that thing as an attempt of mitigation
for broken userland code; you seem to be the first one to imply that this can
be used as a deliberate technics...
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ