On 23 May 2007, at 12:39, Nitin Gupta wrote:
Hi Michael,
On 5/23/07, Michael-Luke Jones <[email protected]> wrote:
I understand that the 'safe' decompression code is 'somewhat slower'
and that decompressor performance is a key feature of this algorithm.
However, I am concerned about the safety implications of including
the 'unsafe' standard version in-kernel when likely uses include
compression of network data, memory objects and so-on, all of which
could in theory be maliciously modified.
The 'unsafe' version is still included since in some scenarios we have
guarantee that compressed data has not been modified (for e.g. where
we keep compressed data in memory only). So, in those cases there is
no need to go for slower 'safe' version. So, the version of
decompressor selected should be left to the user (kernel dev) only -
he should make sure that he is using the right version.
Fair enough. However, this rather important issue is pretty much
undocumented (source code comments don't count) and Reiser4 is
already using the lzo1x_decompress() function rather than the
seemingly more appropriate lzo1x_decompress_safe() function...
http://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.22-
rc2/2.6.22-rc2-mm1/broken-out/reiser4-use-lzo-library-functions.patch
Perhaps a rename is in order:
lzo1x_decompress() => lzo1x_decompress_unsafe()
lzo1x_decompress_safe => lzo1x_decompress()
M-L
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
