[Ksummit-discuss] [CORE TOPIC] Reviewing new API/ABI

Andy Lutomirski luto at amacapital.net
Tue May 6 19:43:48 UTC 2014


On Tue, May 6, 2014 at 12:21 PM, Johannes Berg
<johannes at sipsolutions.net> wrote:
> On Tue, 2014-05-06 at 10:58 -0700, josh at joshtriplett.org wrote:
>
>> We need to have better processes for vetting new syscalls and ABIs far
>> more carefully than we currently do.
>
> How far would you want to take this? New syscalls is one thing, but
> there are frequently additions to "subsystem APIs", e.g. in networking,
> that aren't really syscalls but part of netlink etc. Trying to vet all
> of that might very well end up just overwhelming the process, but on the
> other hand it's still something that probably should be done in some
> form.
>

The snarky answer is: CVE-2014-0181.  I don't like netlink for
anything other than broadcasts from kernel space to user space.

A possibly better answer is that I think there are things that are
worthy of more care and things that are worthy of less care.  I also
think that it's more a question of the scope of the API than the
mechanism.  A debugfs thing, a sysfs entry for a particular device or
obscure configuration setting, or an ioctl on a device node are
possibly of less broad applicability.  Something like AF_ALG really is
a global API, though.  I would tend to classify many things that use
netlink in the more-review category, since I don't think that the fact
that a new API uses netlink should exempt it from the same kind of
review it would need if it used a different mechanism.

--Andy

