> In short, give a better reason, because as it stands, this "bug" is not a
> bug, but just a case of "let's not add code to take care of a case we
> shouldn't care about anyway". It's a "bug" in the same sense as it's a
> "bug" that root can write to /dev/kmem and make the system unstable.
I have two arguments in favor of Alan Cox's position:

Programming by contract. Esthetically, I *like* it when I can
make assertions and prove them. In this case, the assertion is:
system_uts.nodename is a null-terminated string of less than size
__NEW_UTS_LEN. Practically, I think that programming by contract
eliminates the conditions that breed bugs.

Capabilities instead of the almighty root. sys_sethostname requires
only CAP_SYS_ADMIN. I don't like the argument that someone with one
capability might as well have the power to run racy code, because
they could write to /dev/kmem anyways. Also I think that bugs are
different from intentionally shooting one's foot off.

Just my opinion. I'll go back to proof-reading sound code now.
Regards,
Michael Chastain
<mailto:mec@shout.net>
"love without fear"
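The contract argued for above, written out as checkable code. This is an added userspace model, not code from the kernel or from anyone in this thread: `model_sethostname` is a hypothetical stand-in for sys_sethostname, the caller passes a boolean in place of a real CAP_SYS_ADMIN check, `NEW_UTS_LEN` is assumed to be 64, and a small atomic spin lock stands in for the kernel's locking so that writer and reader never interleave. The invariant, "nodename is always NUL-terminated within its buffer", is both enforced by the setter and exposed as an assertion that can be proven to hold after every call.

```c
#include <assert.h>
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed bound: __NEW_UTS_LEN is modelled as 64 here. The buffer holds
 * NEW_UTS_LEN characters plus the terminator that the contract requires. */
#define NEW_UTS_LEN 64

struct uts_model {
    char nodename[NEW_UTS_LEN + 1];
};

static struct uts_model system_uts = { .nodename = "localhost" };

/* Constructed stand-in for the kernel lock: a minimal spin lock so that a
 * reader can never observe a half-written, unterminated name. */
static atomic_flag uts_lock = ATOMIC_FLAG_INIT;
static void uts_lock_acquire(void)
{
    while (atomic_flag_test_and_set_explicit(&uts_lock, memory_order_acquire))
        ;
}
static void uts_lock_release(void)
{
    atomic_flag_clear_explicit(&uts_lock, memory_order_release);
}

/* The contract as an assertion: nodename is NUL-terminated inside the buffer. */
bool nodename_invariant_holds(void)
{
    uts_lock_acquire();
    bool ok = memchr(system_uts.nodename, '\0', sizeof system_uts.nodename) != NULL;
    uts_lock_release();
    return ok;
}

/* Hypothetical model of sys_sethostname. has_cap_sys_admin replaces the
 * real capability check; len is validated before anything is written. */
int model_sethostname(bool has_cap_sys_admin, const char *name, size_t len)
{
    if (!has_cap_sys_admin)
        return -EPERM;
    if (name == NULL || len > NEW_UTS_LEN)   /* precondition of the contract */
        return -EINVAL;
    uts_lock_acquire();
    memcpy(system_uts.nodename, name, len);
    system_uts.nodename[len] = '\0';         /* postcondition: terminated */
    uts_lock_release();
    return 0;
}

/* Reader side: copies under the same lock, bounded by the buffer size. */
int model_gethostname(char *buf, size_t buflen)
{
    uts_lock_acquire();
    const char *end = memchr(system_uts.nodename, '\0', sizeof system_uts.nodename);
    size_t n = end ? (size_t)(end - system_uts.nodename) : NEW_UTS_LEN;
    if (n + 1 > buflen) {
        uts_lock_release();
        return -ENAMETOOLONG;
    }
    memcpy(buf, system_uts.nodename, n);
    buf[n] = '\0';
    uts_lock_release();
    return 0;
}

/* Exercises the contract; returns 0 when every check passes, else the failing step. */
int run_contract_checks(void)
{
    char name[NEW_UTS_LEN + 2];
    char out[NEW_UTS_LEN + 1];
    if (model_sethostname(false, "other", 5) != -EPERM) return 1;      /* no capability */
    memset(name, 'a', sizeof name);
    if (model_sethostname(true, name, NEW_UTS_LEN + 1) != -EINVAL) return 2; /* too long */
    if (model_sethostname(true, name, NEW_UTS_LEN) != 0) return 3;     /* longest legal name */
    if (!nodename_invariant_holds()) return 4;
    if (model_gethostname(out, sizeof out) != 0 || strlen(out) != NEW_UTS_LEN) return 5;
    if (model_gethostname(out, 8) != -ENAMETOOLONG) return 6;          /* caller buffer too small */
    if (model_sethostname(true, "box", 3) != 0 || model_gethostname(out, sizeof out) != 0) return 7;
    if (strcmp(out, "box") != 0 || !nodename_invariant_holds()) return 8;
    return 0;
}

int main(void)
{
    int rc = run_contract_checks();
    printf("contract checks: %s (%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The point of the model is the shape, not the constants: every path into the buffer goes through one function that checks the length bound and writes the terminator under the lock, so the invariant can be asserted anywhere else in the program without having to reason about who else holds CAP_SYS_ADMIN.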
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu