lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <f306fe7e-487e-4995-8386-6cbe9eb465a0@zonk.pl>
Date: Sun, 25 Feb 2024 23:51:27 +0100
From: Adam Osuchowski <adwol@...k.pl>
To: linux-kernel@...r.kernel.org
Subject: seq_file_path() invocations and backslash escaping

Hi all,

seq_file_path() invocations in several places have not specified proper
characters set to escape. It leads to potentially ambiguous content in
/proc/<pid>/maps, /proc/<pid>/smaps /proc/<pid>/numa_maps, and also in
/proc/mdstat files. In corner cases contents of these files may be unparseable
in correct way and may give invalid results (non-existing paths).

The reason is that if any of sensitive characters (space, TAB, NL, etc.) are
escaped as octal using backslash character (ASCII 0x5C), the backslash itself
should be escaped as well.

Find attached a patch for this issue.

Additionally, paths in contents of /proc/<pid>/{,s}maps files may have
" (deleted)" string appended to them to indicate that path is non-existing.
Maybe one should consider escaping space in paths in this files to distinguish
non-existing path case from case when real path name ends with " (deleted)"
string. Of course, then space in this suffix must not be escaped, only path
part.

Regards,
Adam

View attachment "seq_file_path-escaping_backslash.patch" of type "text/plain" (947 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ