| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Jun 2011 14:36:05 +0100 From: Matthew Garrett <mjg59@...f.ucam.org> To: Greg KH <gregkh@...e.de> Cc: Vasiliy Kulikov <segoon@...nwall.com>, Andrew Morton <akpm@...ux-foundation.org>, James Morris <jmorris@...ei.org>, Ingo Molnar <mingo@...e.hu>, Namhyung Kim <namhyung@...il.com>, kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org, security@...nel.org Subject: Re: [PATCH] kernel: escape non-ASCII and control characters in printk() On Wed, Jun 22, 2011 at 08:37:42AM -0700, Greg KH wrote: > On Wed, Jun 22, 2011 at 01:53:41PM +0400, Vasiliy Kulikov wrote: > > This patch escapes all characters outside of allowed '\n' plus 0x20-0x7E > > charset passed to printk(). > > > > There are numerous printk() instances with user supplied input as "%s" > > data, and unprivileged user may craft log messages with substrings > > containing control characters via these printk()s. Control characters > > might fool root viewing the logs via tty. > > There are "numerous" places this could happen? USB product identifiers? -- Matthew Garrett | mjg59@...f.ucam.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists