From: daw@cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp
Date: Fri, 13 Nov 2009 20:32:32 +0000 (UTC)
Message-ID: <hdkfp0$p9e$1@taverner.cs.berkeley.edu>
In-Reply-To: 4AFCC06B.1030302@schaufler-ca.com

Casey Schaufler wrote:
>James Morris wrote:
>> Do you see potential for a buffer overrun in this case?
>
>No, but I hate arguing with people who think that every time
>they see strcmp that they have found a security flaw.

So don't argue with those people, then. Those people are
probably deluded or ill-informed, if that's what they think every
time they see strcmp().

If you feel you absolutely must respond to them, send them here and
let them make the case for their position directly, with a concrete
technical argument -- if they have one (which I doubt). Or, better yet,
ignore those people. If they have a kneejerk reaction that "strcmp()
= security flaw", what makes you think they have anything useful to
contribute anyway?

I don't think this concern should have any weight whatsoever in the
decision on whether to patch the code.