lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170130170318.gvcxx7ouy54rwy2i@pd.tnic>
Date:   Mon, 30 Jan 2017 18:03:18 +0100
From:   Borislav Petkov <bp@...e.de>
To:     Petr Mladek <pmladek@...e.com>
Cc:     Rabin Vincent <rabin.vincent@...s.com>, akpm@...ux-foundation.org,
        linux-kernel@...r.kernel.org,
        Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>
Subject: Re: [PATCH] printk: fix printk.devkmsg sysctl

On Mon, Jan 30, 2017 at 02:38:03PM +0100, Petr Mladek wrote:
> We must not access userspace pointer directly. One solution would be
> to use get_user().

Good point.

> But a better solution might be to check also the trailing '\0' in
> __control_devkmsg, see below. I has several advantages:
> 
>    + we will never assign "invalid" value to @devkmsg_log and
>      do not need to revert it. Only devkmsg_log_str must be
>      reverted.
> 
>    + __control_devkmsg() do not need to return the length of the
>      string. We could simply check the error code.
> 
>    * the err variable will have the same meaning for both
>      __control_devkmsg() and proc_dostring().
>

Sounds good to me.

> Note that
> 
>    echo "ratelimitXXXXXX" >/proc/sys/kernel/printk_devkmsg
> 
> succeeds because the copied string is limited by DEVKMSG_STR_MAX_SIZE.
> We would need to add at least one byte to be able to detect an error
> but I am not sure if it is worth it.

So my reasoning here was to allow only '<str>' or '<str>\n' - where
<str> is one of the three accepted settings and fail everything else.
That's why I did return the strlen.

Accepting

$ echo "ratelimitXXXXXX" > ...

looks strange to me and silly and misleading and...

IOW, I'd like the user to know what she does and mean it. No sloppy
inputs.

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
-- 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ