On Mon, Jul 06, 2020 at 09:29:46AM -0700, Andy Lutomirski wrote: > Is most contexts where 'whitelist' or 'blacklist' might be used, a > descriptive phrase could be used instead. For example, a seccomp > filter could have a 'list of allowed syscalls' or a 'list of > disallowed syscalls', and just lists could be the 'allowed' or > 'accepted' lists and the 'disallowed', 'rejected', or 'blocked' lists. > If a single word replacement for 'whitelist' or 'blacklist' is needed, > 'allowlist', 'blocklist', or 'denylist' could be used.
Yup. See: https://lore.kernel.org/lkml/202007041703.51F4059CA@keescook/ specifically the terminology for seccomp is already "allow-list" and "deny-list": https://github.com/mkerrisk/man-pages/commit/462ce23d491904a0b46252dc97c8cb42391c093e (last year) https://github.com/seccomp/libseccomp/commit/0e762521d604612bb4dca8867d4a428a5e6cae54 (last month) > Second, I realize that I grew up thinking that 'whitelist' and > 'blacklist' are the common terms for lists of things to be accepted > and rejected and that this biases my perception of what sounds good, > but writing a seccomp "denylist" or "blocklist" doesn't seem to roll > off the tongue. Perhaps this language would be better: I have struggled with this as well. The parts of speech change, and my grammar senses go weird. whitelist = adjective noun. allow-list = verb noun. verbing the adj/noun combo feels okay, but verbing a verb/noun is weird. And just using "allowed" and "denied" doesn't impart whether it refers to a _single_ instance or a _list_ of instances. But that's all fine. The change is easy to do and is more descriptive even if I can't find terms that don't collide with my internal grammar checker. ;) -- Kees Cook
