Re: reiser4 plugins — Linux Kernel

On Jun 26, 2005, at 22:37:48, David Masover wrote:

$ make -C linux-2.6.12.zip/.../contents

I've yet to see how such automatic unzipping does not inherentlyintroducesystem insecurity into _existing_ applications by changing POSIX andUNIX

semantics.

When I do this in my suid perl script:

open my $fh, '<', $ARGV[0];

I do _not_ mean this:
system '/bin/zip', 'x', $path1, $path2;

Neither do I want the kernel to unzip it, because that justintroduces the

kernel to a whole series of normally application-level vulnerabilities.
I've seen situations where a specially doctored tarball can expand to a

result file over 1000x the size of the original. Likewise, therehave been

cases where crafted tarballs have taken advantage of buffer overflows.

Can you illustrate for me with precise, clear, and unambiguous arguments
how this can avoid all possible pitfalls, especially in cases where it's

likely to break existing working privileged apps? Such extendedoperations,including the automatic encryption/decryption and most other non-standardfilesystem features (Basically the whole '...' directory), shouldprobablybe left out of any patch submitted for inclusion until they can be_proven_

(or at least thoroughly checked) not to have undesirable results.

Cheers,
Kyle Moffett

--
Somone asked me why I work on this free (http://www.fsf.org/philosophy/)

software stuff and not get a real job. Charles Shultz had the bestanswer:


"Why do musicians compose symphonies and poets write poems? They do it

because life wouldn't have any meaning for them if they didn't.That's why

I draw cartoons. It's my life."
-- Charles Shultz

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: reiser4 plugins
  - From: David Masover <[email protected]>

References:
- Re: reiser4 plugins
  - From: Horst von Brand <[email protected]>
- Re: reiser4 plugins
  - From: David Masover <[email protected]>
- Re: reiser4 plugins
  - From: [email protected]
- Re: reiser4 plugins
  - From: David Masover <[email protected]>
- Re: reiser4 plugins
  - From: [email protected]
- Re: reiser4 plugins
  - From: Hans Reiser <[email protected]>
- Re: reiser4 plugins
  - From: Lincoln Dale <[email protected]>
- Re: reiser4 plugins
  - From: Gregory Maxwell <[email protected]>
- Re: reiser4 plugins
  - From: Lincoln Dale <[email protected]>
- Re: reiser4 plugins
  - From: David Masover <[email protected]>
- Re: reiser4 plugins
  - From: [email protected]
- Re: reiser4 plugins
  - From: David Masover <[email protected]>
- Re: reiser4 plugins
  - From: [email protected]
- Re: reiser4 plugins
  - From: David Masover <[email protected]>
- Re: reiser4 plugins
  - From: [email protected]
- Re: reiser4 plugins
  - From: David Masover <[email protected]>

Prev by Date: Re: [PATCH][RFC 2] char: Add Dell Systems Management Base driver
Next by Date: Re: reiser4 plugins
Previous by thread: Re: reiser4 plugins
Next by thread: Re: reiser4 plugins
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]