From: Linus Torvalds <torvalds@linux-foundation.org>
To: Arusekk <arek_koz@o2.pl>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Christoph Hellwig <hch@lst.de>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Alexey Dobriyan <adobriyan@gmail.com>,
Al Viro <viro@zeniv.linux.org.uk>
Subject: Re: [PATCH v3] proc: Use seq_read_iter for /proc/*/maps
Date: Tue, 4 May 2021 13:24:55 -0700 [thread overview]
Message-ID: <CAHk-=whCMLJB4FafaqHOrpE0UOLkq5Wc4EyNSJLzq3NZAwN0-w@mail.gmail.com> (raw)
In-Reply-To: <1777114.atdPhlSkOF@swift.dev.arusekk.pl>
On Tue, May 4, 2021 at 1:21 PM Arusekk <arek_koz@o2.pl> wrote:
>
> Keeping it the way it is for the sake of security of userspace applications
> looks more like security through obscurity to me.
No, it's simply "no valid use" and "why expose interfaces that don't
need to be exposed".
splice() _has_ been a security issue before. It's why I want to limit
it now. I want to enable it only for cases that seem to be worth
enabling for.
Have we fixed all the splice security issues? I certainly hope so. Are
you correct in stating that there are probably other places that might
be more interesting to attackers? Sure. But none of that changes the
basic issue: why expose this?
Linus
next prev parent reply other threads:[~2021-05-04 20:25 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-27 18:34 [PATCH] proc: Use seq_read_iter where possible Arkadiusz Kozdra (Arusekk)
2021-04-28 6:12 ` Christoph Hellwig
2021-04-28 13:02 ` Arusekk
2021-04-28 13:03 ` Christoph Hellwig
2021-04-28 17:46 ` Linus Torvalds
2021-04-29 10:05 ` [PATCH v2] proc: Use seq_read_iter for /proc/*/maps Arkadiusz Kozdra (Arusekk)
2021-04-29 10:07 ` Greg Kroah-Hartman
2021-05-04 11:53 ` [PATCH v3] " Arkadiusz Kozdra (Arusekk)
2021-05-04 16:01 ` Linus Torvalds
2021-05-04 20:23 ` Arusekk
2021-05-04 20:24 ` Linus Torvalds [this message]
2021-04-29 16:36 ` [PATCH v2] " Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=whCMLJB4FafaqHOrpE0UOLkq5Wc4EyNSJLzq3NZAwN0-w@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=adobriyan@gmail.com \
--cc=arek_koz@o2.pl \
--cc=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.