| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <14335276.CH3Xr2i6I8@blindfold>
Date: Tue, 20 Feb 2018 16:25:32 +0100
From: Richard Weinberger <richard@....at>
To: Masahiro Yamada <yamada.masahiro@...ionext.com>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Kate Stewart <kstewart@...uxfoundation.org>,
Nicholas Piggin <npiggin@...il.com>,
Kees Cook <keescook@...omium.org>,
Andrew Morton <akpm@...ux-foundation.org>, david@...ma-star.at,
kbuild-all@...org, Sam Ravnborg <sam@...nborg.org>,
Arnaud Lacombe <lacombar@...il.com>,
Nick Bowler <nbowler@...iptictech.com>,
Michal Marek <mmarek@...e.cz>, Nicolas Pitre <nico@...aro.org>,
Rusty Russell <rusty@...tcorp.com.au>
Subject: Re: [PATCH v2] kbuild: Don't source kernel config
Am Dienstag, 20. Februar 2018, 16:18:11 CET schrieb Masahiro Yamada:
> 2018-02-19 18:22 GMT+09:00 Richard Weinberger <richard@....at>:
> > Don't source the kernel config file in shell scripts.
> > The config file is not a shell script and often imported from untrusted
> > sources.
> > What could possible go wrong? ;-)
>
> Please enumerate your real problems.
Build a kernel where the .config contains something like:
CONFIG_CMDLINE_BOOL=y
CONFIG_CMDLINE="`echo hello > world`"
I'll send a v3 because I forgot to convert one function in the shell script to
the new bash array. kbuild bot FTW. :-)
Thanks,
//richard
Powered by blists - more mailing lists