Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4149816imu; Mon, 12 Nov 2018 06:37:25 -0800 (PST) X-Google-Smtp-Source: AJdET5dz0zxbEEu26cPpbHGI3t0KMszU9TeExL0v4BY//WCiWhlWShT9aUQ0AYTDZ/3j8IBBN7ug X-Received: by 2002:a63:d441:: with SMTP id i1-v6mr1028176pgj.31.1542033445453; Mon, 12 Nov 2018 06:37:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542033445; cv=none; d=google.com; s=arc-20160816; b=EOCd1LhHZmZvtRGu00iNiw3USKDpe2F7KVClA3jCU6vw1lZgy36rE+RNCAsHLUZue/ ucZZpjPQIfv1gdQscVI1DCc2zsr6XnMZu1JnCxzY9c2zV5fEUC8Cir+mdbh31scXhqsh sPMkITdDln6kfjT6PZno9IqwzHurwuARGcM3p/aRQMRBYhIKj216S1xEvEM0FrJY48P3 WRD1Vz11NXQy8KoTKBsEedlC4o/1ZsqFU1jzmtxuMSHFjUKcwZI8tifeYBWC0Ae/GSil hGKhLIxIoUD1Zs7oPjc5EaG2pNF6zUf6OXe7akI3Ca710Zfz4ug6HBWAF/ch60GF+OYs +9CQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:mail-followup-to :message-id:subject:cc:to:from:date:dkim-signature; bh=3+7QyY3MLdp4z/8AaWca3nf86q43vXRoldp+QtPjis4=; b=EdAjuS1JmuYTA4/sAyZKsm2fuwgAlBrg8ix/62csBVpfshJ51VjbaZBWEl+XpmR2Xk xPARNn7S0lasSom8QdjLs5kV6DZ/JdQnjlYx1whs00jU1dKK7BQzN3V/l3vGE1HP+Qyj Dk3epLcUbqrPqJLCTzULNkO94qfjuOnfCvO8ehKp/HzJTALWxeP2gttZkqQrYJnh1ZM/ 3u7Z9Je0zwGcxYGb5Kcb+4Q9QqLg+B3TcB9ufwg+Ip+/qWpS7zlsaoBz0TbDpgRM/Zr4 /kCrKQTGNv4BJc1wTuPK+CYvOejkRJonqX50BKyeuH4HFgRTUKvAk6uQhOZwYpFRNFI2 bA3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=oPwRQliG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p6-v6si16598873plk.429.2018.11.12.06.37.09; Mon, 12 Nov 2018 06:37:25 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=oPwRQliG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728416AbeKMA2z (ORCPT + 99 others); Mon, 12 Nov 2018 19:28:55 -0500 Received: from imap.thunk.org ([74.207.234.97]:45956 "EHLO imap.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726981AbeKMA2z (ORCPT ); Mon, 12 Nov 2018 19:28:55 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=3+7QyY3MLdp4z/8AaWca3nf86q43vXRoldp+QtPjis4=; b=oPwRQliGjJ2SOfDRL464xjc3e+ hzXIDYEheI6bzxenB1XonoknKTDXDGVwtATy742onUNZgGF+/Y1RFrKrWOuXBWOU91klsYLyp5NcV rnd/211bXQHNjgjfZ1Rk7wnGFY3rXeo/BwKRXB7UANawyjnxVAPA22WJH7LofsgbTWcs=; Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.89) (envelope-from ) id 1gMDIy-00009e-22; Mon, 12 Nov 2018 14:35:08 +0000 Received: by callcc.thunk.org (Postfix, from userid 15806) id 64E677A47B5; Mon, 12 Nov 2018 09:35:06 -0500 (EST) Date: Mon, 12 Nov 2018 09:35:06 -0500 From: "Theodore Y. Ts'o" To: Szabolcs Nagy Cc: Daniel Colascione , Florian Weimer , nd , "Michael Kerrisk (man-pages)" , linux-kernel , Joel Fernandes , Linux API , Willy Tarreau , Vlastimil Babka , Carlos O'Donell , "libc-alpha@sourceware.org" Subject: Re: Official Linux system wrapper library? Message-ID: <20181112143506.GC7377@thunk.org> Mail-Followup-To: "Theodore Y. Ts'o" , Szabolcs Nagy , Daniel Colascione , Florian Weimer , nd , "Michael Kerrisk (man-pages)" , linux-kernel , Joel Fernandes , Linux API , Willy Tarreau , Vlastimil Babka , Carlos O'Donell , "libc-alpha@sourceware.org" References: <877ehjx447.fsf@oldenburg.str.redhat.com> <45cf58e0-909e-262c-5b9f-b91d62350a79@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <45cf58e0-909e-262c-5b9f-b91d62350a79@arm.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tytso@thunk.org X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 12, 2018 at 12:45:26PM +0000, Szabolcs Nagy wrote: > >> A lot of the new system calls lack clear specifications or are just > >> somewhat misdesigned. For example, pkey_alloc > > [snip] > >> getrandom still causes boot delays I'll note that what some people consider misdesigns, others consider "fix CVE's". Some people may consider it more important to avoid boot delays; others would consider internet-wide security problems, ala https://factorable.net to be higher priority. It's clear this is one area where I and some glibc developers have had a difference of opinion. The bigger problem is that if a single glibc developer is able to veto any new system call, maybe we *do* need to have a kernel-provided library which bypasses glibc.... - Ted