lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 21 Feb 2018 01:30:10 +0900
From:   Masahiro Yamada <yamada.masahiro@...ionext.com>
To:     Richard Weinberger <richard@....at>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        Nicholas Piggin <npiggin@...il.com>,
        Kees Cook <keescook@...omium.org>,
        Andrew Morton <akpm@...ux-foundation.org>, david@...ma-star.at,
        kbuild-all@...org, Sam Ravnborg <sam@...nborg.org>,
        Arnaud Lacombe <lacombar@...il.com>,
        Nick Bowler <nbowler@...iptictech.com>,
        Michal Marek <mmarek@...e.cz>, Nicolas Pitre <nico@...aro.org>,
        Rusty Russell <rusty@...tcorp.com.au>
Subject: Re: [PATCH v2] kbuild: Don't source kernel config

2018-02-21 1:16 GMT+09:00 Richard Weinberger <richard@....at>:
> Am Dienstag, 20. Februar 2018, 17:00:39 CET schrieb Masahiro Yamada:
>> 2018-02-21 0:25 GMT+09:00 Richard Weinberger <richard@....at>:
>> > Am Dienstag, 20. Februar 2018, 16:18:11 CET schrieb Masahiro Yamada:
>> >> 2018-02-19 18:22 GMT+09:00 Richard Weinberger <richard@....at>:
>> >> > Don't source the kernel config file in shell scripts.
>> >> > The config file is not a shell script and often imported from untrusted
>> >> > sources.
>> >> > What could possible go wrong? ;-)
>> >>
>> >> Please enumerate your real problems.
>> >
>> > Build a kernel where the .config contains something like:
>> > CONFIG_CMDLINE_BOOL=y
>> > CONFIG_CMDLINE="`echo hello > world`"
>>
>> Same for Makefile
>> if a string symbol is referenced from Makefile, like
>>
>> CONFIG_CROSS_COMPILE="$(shell echo hello > world)aarch64-linux-gnu-"
>
> Correct. But you forget that the .config file is often imported from untrusted
> sources. Like on LKML, "my kernel explodes, this is the .config".
> Jonny random Kernel developer then takes the .config and builds it...
>
>> > I'll send a v3 because I forgot to convert one function in the shell
>> > script to the new bash array. kbuild bot FTW. :-)
>>
>> You do not need to do so.
>
> Okay, let's wait until toxic .configs appear in the wild. ;-)
>
>> This patch is so ugly.
>>
>> Also, changed shell scripts have '#!/bin/sh' shebang,
>> but you are adding bash as a requirement.
>
> An alternate approach would be this:
> diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
> index 5c12dc91ef34..ff0a7c62344b 100644
> --- a/scripts/kconfig/confdata.c
> +++ b/scripts/kconfig/confdata.c
> @@ -161,6 +161,13 @@ static int conf_set_sym_val(struct symbol *sym, int def,
> int def_flags, char *p)
>         case S_STRING:
>                 if (*p++ != '"')
>                         break;
> +
> +               p2 = strpbrk(p, "`$");
> +               if (p2 && !(p2[0] == '$' && p2[1] != '(')) {
> +                       conf_warning("string contains forbidden characters");
> +                       return 1;
> +               }
> +
>                 for (p2 = p; (p2 = strpbrk(p2, "\"\\")); p2++) {
>                         if (*p2 == '"') {
>                                 *p2 = 0;
>
> That way the conf tool will sanitize the .config before shell scripts will
> source it.


This approach seems better.




-- 
Best Regards
Masahiro Yamada

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ