From: Daniel Micay <danielmicay@gmail.com>
To: kernel-hardening@lists.openwall.com, bsingharora@gmail.com
Cc: LKML <linux-kernel@vger.kernel.org>,
Rik van Riel <riel@redhat.com>,
Casey Schaufler <casey@schaufler-ca.com>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Tony Luck <tony.luck@intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
"David S. Miller" <davem@davemloft.net>,
"x86@kernel.org" <x86@kernel.org>,
Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>, Jan Kara <jack@suse.cz>,
Vitaly Wool <vitalywool@gmail.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Dmitry Vyukov <dvyukov@google.com>,
Laura Abbott <labbott@fedoraproject.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
linux-ia64@vger.kernel.org,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
sparclinux <sparclinux@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>
Subject: Re: [kernel-hardening] Re: [PATCH v2 02/11] mm: Hardened usercopy
Date: Fri, 15 Jul 2016 15:00:54 -0400 [thread overview]
Message-ID: <1468609254.32683.34.camel@gmail.com> (raw)
In-Reply-To: <CAGXu5jKzD_rCMNJQU1bB5KDfKTsb+AaidZwe=FAfGMqt_FkfqQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 760 bytes --]
> This could be a BUG, but I'd rather not panic the entire kernel.
It seems unlikely that it will panic without panic_on_oops and that's
an explicit opt-in to taking down the system on kernel logic errors
exactly like this. In grsecurity, it calls the kernel exploit handling
logic (panic if root, otherwise kill all process of that user and ban
them until reboot) but that same logic is also called for BUG via oops
handling so there's only really a distinction with panic_on_oops=1.
Does it make sense to be less fatal for a fatal assertion that's more
likely to be security-related? Maybe you're worried about having some
false positives for the whitelisting portion, but I don't think those
will lurk around very long with the way this works.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 851 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Micay <danielmicay@gmail.com>
To: kernel-hardening@lists.openwall.com, bsingharora@gmail.com
Cc: LKML <linux-kernel@vger.kernel.org>,
Rik van Riel <riel@redhat.com>,
Casey Schaufler <casey@schaufler-ca.com>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Tony Luck <tony.luck@intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
"David S. Miller" <davem@davemloft.net>,
"x86@kernel.org" <x86@kernel.org>,
Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>J
Subject: Re: [kernel-hardening] Re: [PATCH v2 02/11] mm: Hardened usercopy
Date: Fri, 15 Jul 2016 15:00:54 -0400 [thread overview]
Message-ID: <1468609254.32683.34.camel@gmail.com> (raw)
In-Reply-To: <CAGXu5jKzD_rCMNJQU1bB5KDfKTsb+AaidZwe=FAfGMqt_FkfqQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 760 bytes --]
> This could be a BUG, but I'd rather not panic the entire kernel.
It seems unlikely that it will panic without panic_on_oops and that's
an explicit opt-in to taking down the system on kernel logic errors
exactly like this. In grsecurity, it calls the kernel exploit handling
logic (panic if root, otherwise kill all process of that user and ban
them until reboot) but that same logic is also called for BUG via oops
handling so there's only really a distinction with panic_on_oops=1.
Does it make sense to be less fatal for a fatal assertion that's more
likely to be security-related? Maybe you're worried about having some
false positives for the whitelisting portion, but I don't think those
will lurk around very long with the way this works.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 851 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Micay <danielmicay@gmail.com>
To: kernel-hardening@lists.openwall.com, bsingharora@gmail.com
Cc: LKML <linux-kernel@vger.kernel.org>,
Rik van Riel <riel@redhat.com>,
Casey Schaufler <casey@schaufler-ca.com>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Tony Luck <tony.luck@intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
"David S. Miller" <davem@davemloft.net>,
"x86@kernel.org" <x86@kernel.org>,
Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>, Jan Kara <jack@suse.cz>,
Vitaly Wool <vitalywool@gmail.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Dmitry Vyukov <dvyukov@google.com>,
Laura Abbott <labbott@fedoraproject.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
linux-ia64@vger.kernel.org,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
sparclinux <sparclinux@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>
Subject: Re: [kernel-hardening] Re: [PATCH v2 02/11] mm: Hardened usercopy
Date: Fri, 15 Jul 2016 19:00:54 +0000 [thread overview]
Message-ID: <1468609254.32683.34.camel@gmail.com> (raw)
In-Reply-To: <CAGXu5jKzD_rCMNJQU1bB5KDfKTsb+AaidZwe=FAfGMqt_FkfqQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 760 bytes --]
> This could be a BUG, but I'd rather not panic the entire kernel.
It seems unlikely that it will panic without panic_on_oops and that's
an explicit opt-in to taking down the system on kernel logic errors
exactly like this. In grsecurity, it calls the kernel exploit handling
logic (panic if root, otherwise kill all process of that user and ban
them until reboot) but that same logic is also called for BUG via oops
handling so there's only really a distinction with panic_on_oops=1.
Does it make sense to be less fatal for a fatal assertion that's more
likely to be security-related? Maybe you're worried about having some
false positives for the whitelisting portion, but I don't think those
will lurk around very long with the way this works.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 851 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: danielmicay@gmail.com (Daniel Micay)
To: linux-arm-kernel@lists.infradead.org
Subject: [kernel-hardening] Re: [PATCH v2 02/11] mm: Hardened usercopy
Date: Fri, 15 Jul 2016 15:00:54 -0400 [thread overview]
Message-ID: <1468609254.32683.34.camel@gmail.com> (raw)
In-Reply-To: <CAGXu5jKzD_rCMNJQU1bB5KDfKTsb+AaidZwe=FAfGMqt_FkfqQ@mail.gmail.com>
> This could be a BUG, but I'd rather not panic the entire kernel.
It seems unlikely that it will panic without panic_on_oops and that's
an explicit opt-in to taking down the system on kernel logic errors
exactly like this. In grsecurity, it calls the kernel exploit handling
logic (panic if root, otherwise kill all process of that user and ban
them until reboot) but that same logic is also called for BUG via oops
handling so there's only really a distinction with panic_on_oops=1.
Does it make sense to be less fatal for a fatal assertion that's more
likely to be security-related? Maybe you're worried about having some
false positives for the whitelisting portion, but I don't think those
will lurk around very long with the way this works.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 851 bytes
Desc: This is a digitally signed message part
URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20160715/05e8ad54/attachment.sig>
next prev parent reply other threads:[~2016-07-15 19:01 UTC|newest]
Thread overview: 203+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-13 21:55 [PATCH v2 0/11] mm: Hardened usercopy Kees Cook
2016-07-13 21:55 ` [kernel-hardening] " Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` [PATCH v2 01/11] mm: Implement stack frame object validation Kees Cook
2016-07-13 21:55 ` [kernel-hardening] " Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 22:01 ` Andy Lutomirski
2016-07-13 22:01 ` [kernel-hardening] " Andy Lutomirski
2016-07-13 22:01 ` Andy Lutomirski
2016-07-13 22:01 ` Andy Lutomirski
2016-07-13 22:01 ` Andy Lutomirski
2016-07-13 22:01 ` Andy Lutomirski
2016-07-13 22:01 ` Andy Lutomirski
2016-07-13 22:04 ` Kees Cook
2016-07-13 22:04 ` [kernel-hardening] " Kees Cook
2016-07-13 22:04 ` Kees Cook
2016-07-13 22:04 ` Kees Cook
2016-07-13 22:04 ` Kees Cook
2016-07-13 22:04 ` Kees Cook
2016-07-13 22:04 ` Kees Cook
2016-07-14 5:48 ` Josh Poimboeuf
2016-07-14 5:48 ` [kernel-hardening] " Josh Poimboeuf
2016-07-14 5:48 ` Josh Poimboeuf
2016-07-14 5:48 ` Josh Poimboeuf
2016-07-14 5:48 ` Josh Poimboeuf
2016-07-14 5:48 ` Josh Poimboeuf
2016-07-14 5:48 ` Josh Poimboeuf
2016-07-14 18:10 ` Kees Cook
2016-07-14 18:10 ` [kernel-hardening] " Kees Cook
2016-07-14 18:10 ` Kees Cook
2016-07-14 18:10 ` Kees Cook
2016-07-14 18:10 ` Kees Cook
2016-07-14 18:10 ` Kees Cook
2016-07-14 18:10 ` Kees Cook
2016-07-14 19:23 ` Josh Poimboeuf
2016-07-14 19:23 ` [kernel-hardening] " Josh Poimboeuf
2016-07-14 19:23 ` Josh Poimboeuf
2016-07-14 19:23 ` Josh Poimboeuf
2016-07-14 19:23 ` Josh Poimboeuf
2016-07-14 19:23 ` Josh Poimboeuf
2016-07-14 19:23 ` Josh Poimboeuf
2016-07-14 21:38 ` Kees Cook
2016-07-14 21:38 ` [kernel-hardening] " Kees Cook
2016-07-14 21:38 ` Kees Cook
2016-07-14 21:38 ` Kees Cook
2016-07-14 21:38 ` Kees Cook
2016-07-14 21:38 ` Kees Cook
2016-07-14 21:38 ` Kees Cook
2016-07-13 21:55 ` [PATCH v2 02/11] mm: Hardened usercopy Kees Cook
2016-07-13 21:55 ` [kernel-hardening] " Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-14 23:20 ` Balbir Singh
2016-07-14 23:20 ` [kernel-hardening] " Balbir Singh
2016-07-14 23:20 ` Balbir Singh
2016-07-14 23:20 ` Balbir Singh
2016-07-14 23:20 ` Balbir Singh
2016-07-14 23:20 ` Balbir Singh
2016-07-15 1:04 ` Rik van Riel
2016-07-15 1:04 ` [kernel-hardening] " Rik van Riel
2016-07-15 1:04 ` Rik van Riel
2016-07-15 1:04 ` Rik van Riel
2016-07-15 1:04 ` Rik van Riel
2016-07-15 1:41 ` Balbir Singh
2016-07-15 1:41 ` [kernel-hardening] " Balbir Singh
2016-07-15 1:41 ` Balbir Singh
2016-07-15 1:41 ` Balbir Singh
2016-07-15 1:41 ` Balbir Singh
2016-07-15 1:41 ` Balbir Singh
2016-07-15 4:05 ` Kees Cook
2016-07-15 4:05 ` [kernel-hardening] " Kees Cook
2016-07-15 4:05 ` Kees Cook
2016-07-15 4:05 ` Kees Cook
2016-07-15 4:05 ` Kees Cook
2016-07-15 4:05 ` Kees Cook
2016-07-15 4:05 ` Kees Cook
2016-07-15 4:53 ` Kees Cook
2016-07-15 4:53 ` [kernel-hardening] " Kees Cook
2016-07-15 4:53 ` Kees Cook
2016-07-15 4:53 ` Kees Cook
2016-07-15 4:53 ` Kees Cook
2016-07-15 4:53 ` Kees Cook
2016-07-15 4:53 ` Kees Cook
2016-07-15 12:55 ` Balbir Singh
2016-07-15 12:55 ` [kernel-hardening] " Balbir Singh
2016-07-15 12:55 ` Balbir Singh
2016-07-15 12:55 ` Balbir Singh
2016-07-15 12:55 ` Balbir Singh
2016-07-15 12:55 ` Balbir Singh
2016-07-15 12:55 ` Balbir Singh
2016-07-15 4:25 ` Kees Cook
2016-07-15 4:25 ` [kernel-hardening] " Kees Cook
2016-07-15 4:25 ` Kees Cook
2016-07-15 4:25 ` Kees Cook
2016-07-15 4:25 ` Kees Cook
2016-07-15 4:25 ` Kees Cook
2016-07-15 4:25 ` Kees Cook
2016-07-15 19:00 ` Daniel Micay [this message]
2016-07-15 19:00 ` [kernel-hardening] " Daniel Micay
2016-07-15 19:00 ` Daniel Micay
2016-07-15 19:00 ` Daniel Micay
2016-07-15 19:00 ` Daniel Micay
2016-07-15 19:00 ` Daniel Micay
2016-07-15 19:14 ` Kees Cook
2016-07-15 19:14 ` Kees Cook
2016-07-15 19:14 ` Kees Cook
2016-07-15 19:14 ` Kees Cook
2016-07-15 19:14 ` Kees Cook
2016-07-15 19:14 ` Kees Cook
2016-07-15 19:19 ` Daniel Micay
2016-07-15 19:19 ` Daniel Micay
2016-07-15 19:19 ` Daniel Micay
2016-07-15 19:19 ` Daniel Micay
2016-07-15 19:19 ` Daniel Micay
2016-07-15 19:19 ` Daniel Micay
2016-07-15 19:23 ` Kees Cook
2016-07-15 19:23 ` Kees Cook
2016-07-15 19:23 ` Kees Cook
2016-07-15 19:23 ` Kees Cook
2016-07-15 19:23 ` Kees Cook
2016-07-15 19:23 ` Kees Cook
2016-07-13 21:55 ` [PATCH v2 03/11] x86/uaccess: Enable hardened usercopy Kees Cook
2016-07-13 21:55 ` [kernel-hardening] " Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` [PATCH v2 04/11] ARM: uaccess: " Kees Cook
2016-07-13 21:55 ` [kernel-hardening] " Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` [PATCH v2 05/11] arm64/uaccess: " Kees Cook
2016-07-13 21:55 ` [kernel-hardening] " Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` [PATCH v2 06/11] ia64/uaccess: " Kees Cook
2016-07-13 21:55 ` [kernel-hardening] " Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:55 ` Kees Cook
2016-07-13 21:56 ` [PATCH v2 07/11] powerpc/uaccess: " Kees Cook
2016-07-13 21:56 ` [kernel-hardening] " Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` [PATCH v2 08/11] sparc/uaccess: " Kees Cook
2016-07-13 21:56 ` [kernel-hardening] " Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` [PATCH v2 09/11] s390/uaccess: " Kees Cook
2016-07-13 21:56 ` [kernel-hardening] " Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` [PATCH v2 10/11] mm: SLAB hardened usercopy support Kees Cook
2016-07-13 21:56 ` [kernel-hardening] " Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` [PATCH v2 11/11] mm: SLUB " Kees Cook
2016-07-13 21:56 ` [kernel-hardening] " Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-13 21:56 ` Kees Cook
2016-07-14 10:07 ` [kernel-hardening] " Michael Ellerman
2016-07-14 10:07 ` Michael Ellerman
2016-07-14 10:07 ` Michael Ellerman
2016-07-14 10:07 ` Michael Ellerman
2016-07-14 10:07 ` Michael Ellerman
2016-07-14 10:07 ` Michael Ellerman
2016-07-14 10:07 ` Michael Ellerman
2016-07-15 2:05 ` Balbir Singh
2016-07-15 2:05 ` [kernel-hardening] " Balbir Singh
2016-07-15 2:05 ` Balbir Singh
2016-07-15 2:05 ` Balbir Singh
2016-07-15 2:05 ` Balbir Singh
2016-07-15 2:05 ` Balbir Singh
2016-07-15 4:29 ` Kees Cook
2016-07-15 4:29 ` [kernel-hardening] " Kees Cook
2016-07-15 4:29 ` Kees Cook
2016-07-15 4:29 ` Kees Cook
2016-07-15 4:29 ` Kees Cook
2016-07-15 4:29 ` Kees Cook
2016-07-15 4:29 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1468609254.32683.34.camel@gmail.com \
--to=danielmicay@gmail.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=ard.biesheuvel@linaro.org \
--cc=benh@kernel.crashing.org \
--cc=bp@suse.de \
--cc=bsingharora@gmail.com \
--cc=casey@schaufler-ca.com \
--cc=catalin.marinas@arm.com \
--cc=cl@linux.com \
--cc=davem@davemloft.net \
--cc=dvyukov@google.com \
--cc=fenghua.yu@intel.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=jack@suse.cz \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@fedoraproject.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=luto@kernel.org \
--cc=minipli@googlemail.com \
--cc=mpe@ellerman.id.au \
--cc=pageexec@freemail.hu \
--cc=penberg@kernel.org \
--cc=riel@redhat.com \
--cc=rientjes@google.com \
--cc=sparclinux@vger.kernel.org \
--cc=spender@grsecurity.net \
--cc=tony.luck@intel.com \
--cc=vitalywool@gmail.com \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.