On Thu, Mar 06, 2008 at 03:12:21PM +0100, Olivier Galibert wrote: > On Thu, Mar 06, 2008 at 03:03:15PM +0100, Paolo Bonzini wrote: > > Olivier Galibert wrote: > > >On Wed, Mar 05, 2008 at 05:12:07PM -0800, H. Peter Anvin wrote: > > >>It's a kernel bug, and it needs to be fixed. > > > > > >I'm not convinced. It's been that way for 15 years, it's that way in > > >the BSD kernels, at that point it's a feature. The bug is in the > > >documentation, nowhere else. And in gcc for blindly trusting the > > >documentation. > > > > No, the bug *in the kernel* was already present (if you had a signal > > raised during a call to memmove). It's just more visible with GCC 4.3. > > I'm curious, since when paper documentation became the Truth and > reality became a bug?
If the kernel allows state to leak from one process to another, for example from a process running as root to a process running as an ordinary user, it's a bug, with possible security implications. In this particular case not much can be communicated through a one-bit flag, so it would only be relevant in those situations where you want to forbid any communication channels from a given process. So the kernel developers might consider it a trivial bug. Or, they could just fix it, which I understand is the plan.
