| General > General Technical Chat |
| University of Minnesota Linux code security issues; banned and to be removed |
| << < (21/23) > >> |
| magic:
No, this whole drama proves that Linux has a rubber stamping process in place, which is not quite the same as review. This seems to be the patch that directly triggered Greg's rage: --- Code: ---Subject: [PATCH] SUNRPC: Add a check for gss_release_msg Date: Tue, 6 Apr 2021 19:16:56 -0500 Message-ID: <20210407001658.2208535-1-pakki001@umn.edu> (raw) In gss_pipe_destroy_msg(), in case of error in msg, gss_release_msg deletes gss_msg. The patch adds a check to avoid a potential double free. Signed-off-by: Aditya Pakki <pakki001@umn.edu> --- net/sunrpc/auth_gss/auth_gss.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index 5f42aa5fc612..eb52eebb3923 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c @@ -848,7 +848,8 @@ gss_pipe_destroy_msg(struct rpc_pipe_msg *msg) warn_gssd(); gss_release_msg(gss_msg); } - gss_release_msg(gss_msg); + if (gss_msg) + gss_release_msg(gss_msg); } --- End code --- It's pointless because gss_msg is a refcounted object and you can't double-free it by calling gss_release_msg - that's how they explained the problem on the mailing list. If a reviewer misses that then he will miss everything. And if the actual maintainer of the code in question misses it, then what's wrong with a student missing it when he saw such suspiciously looking code in the output of a static analyzer? |
| ataradov:
Is this just a general grievance thread now? How incorrect setup of nginx is related to possible code review issues in the kernel? The design issues are also not a question here. Linux is what it is. Don't like it - don't use it. I personally more concerned with Windows sending your data to Microsoft in an advertised way. That's why I don't use Windows. There is no need to put solving all the world's problems on kernel developer's shoulders. |
| magic:
Lot's of your personal data are handled by Loonix servers AND desktops probably too, just so you know. And as I said, it's not Microsoft who advertises Linux as more secure than Windows because "given enough eyes, all bugs are shallow". |
| bd139:
--- Quote from: ataradov on April 30, 2021, 07:35:17 am ---Is this just a general grievance thread now? How incorrect setup of nginx is related to possible code review issues in the kernel? The design issues are also not a question here. Linux is what it is. Don't like it - don't use it. I personally more concerned with Windows sending your data to Microsoft in an advertised way. That's why I don't use Windows. There is no need to put solving all the world's problems on kernel developer's shoulders. --- End quote --- The point is that the process is flawed so why should we trust it. |
| ataradov:
--- Quote from: magic on April 30, 2021, 07:38:25 am ---Lot's of your personal data are handled by Loonix servers AND desktops probably too, just so you know. --- End quote --- We get it, you hate Linux. Now move on. |
| Navigation |
| Message Index |
| Next page |
| Previous page |