lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1919455.eZKeABUfgV@blindfold>
Date:   Tue, 20 Feb 2018 17:16:07 +0100
From:   Richard Weinberger <richard@....at>
To:     Masahiro Yamada <yamada.masahiro@...ionext.com>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        Nicholas Piggin <npiggin@...il.com>,
        Kees Cook <keescook@...omium.org>,
        Andrew Morton <akpm@...ux-foundation.org>, david@...ma-star.at,
        kbuild-all@...org, Sam Ravnborg <sam@...nborg.org>,
        Arnaud Lacombe <lacombar@...il.com>,
        Nick Bowler <nbowler@...iptictech.com>,
        Michal Marek <mmarek@...e.cz>, Nicolas Pitre <nico@...aro.org>,
        Rusty Russell <rusty@...tcorp.com.au>
Subject: Re: [PATCH v2] kbuild: Don't source kernel config

Am Dienstag, 20. Februar 2018, 17:00:39 CET schrieb Masahiro Yamada:
> 2018-02-21 0:25 GMT+09:00 Richard Weinberger <richard@....at>:
> > Am Dienstag, 20. Februar 2018, 16:18:11 CET schrieb Masahiro Yamada:
> >> 2018-02-19 18:22 GMT+09:00 Richard Weinberger <richard@....at>:
> >> > Don't source the kernel config file in shell scripts.
> >> > The config file is not a shell script and often imported from untrusted
> >> > sources.
> >> > What could possible go wrong? ;-)
> >> 
> >> Please enumerate your real problems.
> > 
> > Build a kernel where the .config contains something like:
> > CONFIG_CMDLINE_BOOL=y
> > CONFIG_CMDLINE="`echo hello > world`"
> 
> Same for Makefile
> if a string symbol is referenced from Makefile, like
> 
> CONFIG_CROSS_COMPILE="$(shell echo hello > world)aarch64-linux-gnu-"

Correct. But you forget that the .config file is often imported from untrusted 
sources. Like on LKML, "my kernel explodes, this is the .config".
Jonny random Kernel developer then takes the .config and builds it... 
 
> > I'll send a v3 because I forgot to convert one function in the shell
> > script to the new bash array. kbuild bot FTW. :-)
> 
> You do not need to do so.

Okay, let's wait until toxic .configs appear in the wild. ;-)

> This patch is so ugly.
> 
> Also, changed shell scripts have '#!/bin/sh' shebang,
> but you are adding bash as a requirement.

An alternate approach would be this:
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index 5c12dc91ef34..ff0a7c62344b 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -161,6 +161,13 @@ static int conf_set_sym_val(struct symbol *sym, int def, 
int def_flags, char *p)
 	case S_STRING:
 		if (*p++ != '"')
 			break;
+
+		p2 = strpbrk(p, "`$");
+		if (p2 && !(p2[0] == '$' && p2[1] != '(')) {
+			conf_warning("string contains forbidden characters");
+			return 1;
+		}
+
 		for (p2 = p; (p2 = strpbrk(p2, "\"\\")); p2++) {
 			if (*p2 == '"') {
 				*p2 = 0;

That way the conf tool will sanitize the .config before shell scripts will 
source it.

Thanks,
//richard

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ