lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200207193113.GA3438946@rani.riverdale.lan>
Date:   Fri, 7 Feb 2020 14:31:15 -0500
From:   Arvind Sankar <nivedita@...m.mit.edu>
To:     Kees Cook <keescook@...omium.org>
Cc:     Masami Hiramatsu <mhiramat@...nel.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...hat.com>,
        Frank Rowand <frowand.list@...il.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        Namhyung Kim <namhyung@...nel.org>,
        Tim Bird <Tim.Bird@...y.com>, Jiri Olsa <jolsa@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Tom Zanussi <tom.zanussi@...ux.intel.com>,
        Rob Herring <robh+dt@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Alexey Dobriyan <adobriyan@...il.com>,
        Jonathan Corbet <corbet@....net>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        linux-doc@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6 08/22] bootconfig: init: Allow admin to use bootconfig
 for init command line

On Fri, Feb 07, 2020 at 10:03:16AM -0800, Kees Cook wrote:
> > +
> > +	if (ilen) {
> > +		/*
> > +		 * Append supplemental init boot args to saved_command_line
> > +		 * so that user can check what command line options passed
> > +		 * to init.
> > +		 */
> > +		len = strlen(saved_command_line);
> > +		if (!strstr(boot_command_line, " -- ")) {
> > +			strcpy(saved_command_line + len, " -- ");
> > +			len += 4;
> > +		} else
> > +			saved_command_line[len++] = ' ';
> > +
> > +		strcpy(saved_command_line + len, extra_init_args);
> > +	}
> 
> This isn't safe because it will destroy any argument with " -- " in
> quotes and anything after it. For example, booting with:
> 
> thing=on acpi_osi="! -- " other=setting
> 
> will wreck acpi_osi's value and potentially overwrite "other=settings",
> etc.
> 
> (Yes, this seems very unlikely, but you can't treat " -- " as special,
> the command line string must be correct parsed for double quotes, as
> parse_args() does.)
> 

I think it won't overwrite anything, it will just leave out the " -- "
that should have been added?

I wonder if this is necessary, though -- since commit b88c50ac304a ("log
arguments and environment passed to init") the init arguments will be in
the kernel log anyway.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ