Message-ID: <20221222210351.oQ5Sn%steffen@sdaoden.eu>
Date: Thu, 22 Dec 2022 22:03:51 +0100
From: Steffen Nurpmeso <steffen@...oden.eu>
To: oss-security@...ts.openwall.com
Subject: Re: [patch] proc.5: tell how to parse
 /proc/*/stat correctly

..now sending this..

Shawn Webb wrote in
 <20221222150448.5wyrhot7ikhp75j7@...t-hbsd>:
 |On Thu, Dec 22, 2022 at 03:44:45PM +0100, Jakub Wilk wrote:
 ...
 |We knew way back then the dangers of VFS-based wizardry. Did we lose
 |that knowledge somehow?

I think often problems materialize due to insufficient knowledge
of special cases and/or the complete picture.  And you need to dig
around in kernel sources to find answers, and for Linux in
particular "one thing (sysfs/procfs entry) has that name and uses
these values ranges here, and those over there".  (From my
superficial view doing backlight / volume / fan control.)
Names are also not self-describing, and then i very much like
FreeBSD's sysctl(8) -d flag, as every sysctl has a documentation
string entry; one can even do "sysctl -a -d".  For example

  kern.evdev.rcpt_mask: Who is receiving events: bit0 - sysmouse, bit1 - kbdmux, bit2 - mouse hardware, bit3 - keyboard hardware

Even manual references (punctuation issue)

  vm.overcommit: Configure virtual memory overcommit behavior. See tuning(7) for details.

But of course for one BSD is a more holistic approach, and then
this does not prevent errors from happening.  But -- how often
have i wished i would get just a little information at a glance!

Some interfaces are very old, established and more or less stable,
and originate in a time where many problems were not yet
"completely" intellectually penetrated.  You need to move the
entire infrastructure to make this better.  .. Appears strange in
a so rapidly moving environment like Linux kernel, with >50 MB
merges for a minor revision..  All those young dudes which eagerly
carry the news to see their footsteps disappearing in the sand,
heh!!  And then lots of software is done as a hobby, famous xkcd
"dependency" thing[1].

  [1] https://xkcd.com/2347/

P.S.: shawn.webb@ possibly means introducing something like libXO
for (some / all?) procfs entries?  (And _i_ long dream of
a FILE.txt with the equivalent to sysctl(8)'s -d.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
