Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp

From: David Wagner
Date: Fri Nov 13 2009 - 15:32:40 EST


Casey Schaufler wrote:
>James Morris wrote:
>> Do you see potential for a buffer overrun in this case?
>
>No, but I hate arguing with people who think that every time
>they see strcmp that they have found a security flaw.

So don't argue with those people, then. Those people are
probably deluded or ill-informed, if that's what they think every
time they see strcmp().

If you feel you absolutely must respond to them, send them here and
let them make the case for their position directly, with a concrete
technical argument -- if they have one (which I doubt). Or, better yet,
ignore those people. If they have a kneejerk reaction that "strcmp()
= security flaw", what makes you think they have anything useful to
contribute anyway?

I don't think this concern should have any weight whatsoever in the
decision on whether to patch the code.