[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170130170318.gvcxx7ouy54rwy2i@pd.tnic>
Date: Mon, 30 Jan 2017 18:03:18 +0100
From: Borislav Petkov <bp@...e.de>
To: Petr Mladek <pmladek@...e.com>
Cc: Rabin Vincent <rabin.vincent@...s.com>, akpm@...ux-foundation.org,
linux-kernel@...r.kernel.org,
Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>
Subject: Re: [PATCH] printk: fix printk.devkmsg sysctl
On Mon, Jan 30, 2017 at 02:38:03PM +0100, Petr Mladek wrote:
> We must not access userspace pointer directly. One solution would be
> to use get_user().
Good point.
> But a better solution might be to check also the trailing '\0' in
> __control_devkmsg, see below. I has several advantages:
>
> + we will never assign "invalid" value to @devkmsg_log and
> do not need to revert it. Only devkmsg_log_str must be
> reverted.
>
> + __control_devkmsg() do not need to return the length of the
> string. We could simply check the error code.
>
> * the err variable will have the same meaning for both
> __control_devkmsg() and proc_dostring().
>
Sounds good to me.
> Note that
>
> echo "ratelimitXXXXXX" >/proc/sys/kernel/printk_devkmsg
>
> succeeds because the copied string is limited by DEVKMSG_STR_MAX_SIZE.
> We would need to add at least one byte to be able to detect an error
> but I am not sure if it is worth it.
So my reasoning here was to allow only '<str>' or '<str>\n' - where
<str> is one of the three accepted settings and fail everything else.
That's why I did return the strlen.
Accepting
$ echo "ratelimitXXXXXX" > ...
looks strange to me and silly and misleading and...
IOW, I'd like the user to know what she does and mean it. No sloppy
inputs.
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
Powered by blists - more mailing lists