From: Dave Chinner <david@fromorbit.com>
To: "Darrick J. Wong" <djwong@kernel.org>
Cc: fstests@vger.kernel.org, max.kellermann@ionos.com
Subject: Re: [PATCH] fstests: test dirty pipe vulnerability issue of CVE-2022-0847
Date: Wed, 9 Mar 2022 09:48:58 +1100 [thread overview]
Message-ID: <20220308224858.GS3927073@dread.disaster.area> (raw)
In-Reply-To: <20220308195501.GC117704@magnolia>
On Tue, Mar 08, 2022 at 11:55:01AM -0800, Darrick J. Wong wrote:
> On Wed, Mar 09, 2022 at 03:02:19AM +0800, Zorro Lang wrote:
> > On Tue, Mar 08, 2022 at 09:14:29AM -0800, Darrick J. Wong wrote:
> > > On Tue, Mar 08, 2022 at 05:22:48PM +0800, Zorro Lang wrote:
> > > > +chmod 0644 $localfile
> > > > +# Test privileged user (xfstests generally run with root)
> > > > +echo "Test privileged user:"
> > > > +$here/src/splice2pipe $localfile 1 "AAAAAAAABBBBBBBB"
> > > > +# Part of 0xff will be overwritten if there's CVE-2022-0847 bug
> > > > +hexdump -C $localfile
> > >
> > > (I wonder offhand if fstests ought to be checking for the existence of
> > > hexdump(1) since at least Debian only has it in bsdmainutils package,
> > > but ... that's a separate question.)
> >
> > Hmm... I never thought about that, due to the hexdump is in util-linux for
> > rhel and fedora. That means it's nearly always be there. If Debian or some other
> > system won't have it by default, we might say 'hexdump' is a necessary dependence
> > to run fstests in doc :)
>
> Yeah. The fstests documentation don't list bsdmainutils as a required
> package for Debian, so I think either we should update the documentation
> or do a treewide change to make all the tests that use hexdump(1)
> _require it.
I think it would be better to replace hexdump uses with 'od -x' as
od is part of coreutils. Hence we can either replace all the calls
to hexdump with direct calls to od -x, or add a simple wrapper like:
hexdump() {
od -x $@
}
with whatever the format specification needed is to output the same
format as hexdump does...
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2022-03-08 22:49 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-08 9:22 [PATCH] fstests: test dirty pipe vulnerability issue of CVE-2022-0847 Zorro Lang
2022-03-08 17:14 ` Darrick J. Wong
2022-03-08 19:02 ` Zorro Lang
2022-03-08 19:55 ` Darrick J. Wong
2022-03-08 22:48 ` Dave Chinner [this message]
2022-03-09 3:39 ` Zorro Lang
2022-03-09 6:01 ` Dave Chinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220308224858.GS3927073@dread.disaster.area \
--to=david@fromorbit.com \
--cc=djwong@kernel.org \
--cc=fstests@vger.kernel.org \
--cc=max.kellermann@ionos.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox