| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Jun 2010 07:51:37 -0700 From: Kees Cook <kees.cook@...onical.com> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: linux-kernel@...r.kernel.org, Greg Kroah-Hartman <gregkh@...e.de>, Andrew Morton <akpm@...ux-foundation.org>, Tejun Heo <tj@...nel.org>, Veaceslav Falico <vfalico@...hat.com>, Alexander Viro <viro@...iv.linux.org.uk>, Oleg Nesterov <oleg@...hat.com>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, Neil Horman <nhorman@...driver.com>, Roland McGrath <roland@...hat.com>, Ingo Molnar <mingo@...e.hu>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Hidetoshi Seto <seto.hidetoshi@...fujitsu.com>, Stefani Seibold <stefani@...bold.net>, Thomas Gleixner <tglx@...utronix.de>, Eric Paris <eparis@...hat.com>, James Morris <jmorris@...ei.org>, "Andrew G. Morgan" <morgan@...nel.org>, Dhaval Giani <dhaval.giani@...il.com>, "Serge E. Hallyn" <serue@...ibm.com>, Steve Grubb <sgrubb@...hat.com>, Christoph Hellwig <hch@....de>, linux-fsdevel@...r.kernel.org Subject: Re: [PATCH v2] sanitize task->comm to avoid leaking escape codes On Tue, Jun 29, 2010 at 10:36:50AM +0100, Alan Cox wrote: > > Through get_task_comm() and many direct uses of task->comm in the kernel, > > it is possible for escape codes and other non-printables to leak into > > dmesg, syslog, etc. In the worst case, these strings could be used to > > attack administrators using vulnerable terminal emulators, and at least > > cause confusion through the injection of \r characters. > > If an administrator has a vulnerable terminal emulator they have other > problems. Totally agreed. > Please do any filtering you must in the yama security module where it > only affects that. One way to approach it without losing data within the > module might be to use HTML style encoding within Yama so your own tools > can undo the 'sanitizing' rather than losing information ? I'm not interested in sanitizing this in Yama. The use of task->comm via printk was seen as a flaw. I didn't agree (see above about terminal), and suggested that if it was a flaw, it was a flaw with printk or task->comm itself. Since "fixing" both of those have been vetoed, I have no more interest in the filtering. What I do have interest in is fixing get_task_comm's use of buffers, which is theoretically problematic in some future where someone accidentally calls it with a buffer smaller than sizeof(task->comm). I'll send a patch that only fixes that and leaves out the filtering. -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists