Message-ID: <4c0f1d90-b147-e1cd-20c1-0cdd869f4f15@yandex-team.ru>
Date: Tue, 5 Mar 2019 20:03:24 +0300
From: Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
To: Tejun Heo <tj@...nel.org>
Cc: Peter Zijlstra <peterz@...radead.org>,
linux-kernel@...r.kernel.org, Li Zefan <lizefan@...wei.com>,
Johannes Weiner <hannes@...xchg.org>, cgroups@...r.kernel.org,
Ingo Molnar <mingo@...hat.com>
Subject: Re: [PATCH] sched/core: check format and overflows in cgroup2 cpu.max

On 05.03.2019 18:57, Tejun Heo wrote:
> Hello,
>
> On Wed, Feb 27, 2019 at 11:13:21AM +0300, Konstantin Khlebnikov wrote:
>> Cgroup2 interface for cpu bandwidth limit has some flaws:
>>
>> - on stack buffer overflow
>> - no checks for valid format or trailing garbage
>> - no checks for integer overflows
>>
>> This patch fixes all these flaws.
>
> Ditto as the blkio patch. Unless there is a correctness problem, my
> preference is towards keeping the parsing functions simple and I don't
> think the kernel needs to play the role of strict input verifier here
> as long as the only foot getting shot is the user's own.
IMHO a non-strict interface is more likely to hide bugs and could cause problems for future changes.
Here there is only one fatal bug - a buffer overflow in sscanf, because %s has no limit.
Strict validation could be done as a more strict sscanf variant or some kind of extension for the format string.
>
> Thanks.
>
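
The two points in the reply above, as an added userspace illustration (not the patch under discussion and not kernel code): a width-limited `%20s` bounds the token copy that a bare `%s` leaves unbounded, and explicit checks reject trailing garbage and integer overflow. The names `parse_cpu_max` and `parse_u64`, the error codes and the exact strictness rules are assumptions; the input shape follows the cgroup v2 `cpu.max` file, a quota or `max` followed by an optional period.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a decimal u64 that must span [s, stop); rejects sign, empty, overflow. */
static int parse_u64(const char *s, const char *stop, uint64_t *out)
{
    char *end;

    if (!isdigit((unsigned char)*s))   /* strtoull alone accepts "-1", " 1" */
        return -EINVAL;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno == ERANGE)
        return -ERANGE;
    if (end != stop)                   /* trailing garbage such as "100x" */
        return -EINVAL;
    *out = v;
    return 0;
}

/* Strict parse of "<quota|max>[ <period>][\n]"; UINT64_MAX means "max". */
int parse_cpu_max(const char *buf, uint64_t *quota, uint64_t *period)
{
    char tok[21];                      /* 20 digits of UINT64_MAX + NUL */
    int n = 0, ret = 0;
    size_t len = strlen(buf);

    if (len && buf[len - 1] == '\n')   /* allow one newline from echo */
        len--;
    /* "%20s" bounds the copy into tok; a bare "%s" writes past the array. */
    if (isspace((unsigned char)buf[0]) || sscanf(buf, "%20s%n", tok, &n) != 1)
        return -EINVAL;
    if ((size_t)n < len && buf[n] != ' ')
        return -EINVAL;                /* token longer than 20 bytes */
    if (strcmp(tok, "max") == 0)
        *quota = UINT64_MAX;
    else
        ret = parse_u64(tok, tok + strlen(tok), quota);
    if (ret || (size_t)n >= len)       /* error, or no period given */
        return ret;
    return parse_u64(buf + n + 1, buf + len, period);
}
```

When the period is omitted, `*period` is left untouched, so the caller keeps its current value.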