| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 3 Jul 2011 22:10:31 +0100 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Vasiliy Kulikov <segoon@...nwall.com>, Ingo Molnar <mingo@...e.hu>, Andrew Morton <akpm@...ux-foundation.org>, James Morris <jmorris@...ei.org>, Namhyung Kim <namhyung@...il.com>, Greg Kroah-Hartman <gregkh@...e.de>, kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] kernel: escape non-ASCII and control characters in printk() > That said, if we really want to do this, I think doing it with %s > filtering is the only way, and it would make the default case where > people really don't think about possible user-supplied strings be > safe. > > So saying "%s is for pure 7-bit ASCII with no control codes" is > annoying, but would really fix it. It's fairly easy for the console in question to provide a filter but 7bit ascii wouldn't be a bad default for a printing console, definitely a wrong default for the log file though. > That said, I think it should be unconditional. None of this "safe vs > unsafe" flags, and none of this "printk format strings are different > from other vsprintf format strings". If special characters are a > potential security problem for printk(), then they are a potential > security problem for other things (eg /proc filenames or content etc). In which case we can't do it because we need \n in proc content so that's a complete and utter non starter. In addition we have things with filenames in it and filenames are unicode so we'd break apps that look filenames up via /proc for things like monitoring. It depends how much you care as well - any idiot can figure out how to simply use spaces and/or tabs to build multiple lines of fake looking output like say a spoofed Oops. As Lars can no doubt remind people spoofing oopses can be fun ;) Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists