Message-ID: <731ed569.b3e4.1938c652457.Coremail.00107082@163.com>
Date: Tue, 3 Dec 2024 20:00:58 +0800 (CST)
From: "David Wang" <00107082@....com>
To: "Thomas Gleixner" <tglx@...utronix.de>
Cc: kees@...nel.org, linux-kernel@...r.kernel.org, geert@...ux-m68k.org
Subject: Re: [PATCH 2/3] irqchip: Fix a potential abuse of seq_printf()
 format string


At 2024-12-03 19:22:46, "Thomas Gleixner" <tglx@...utronix.de> wrote:
>On Wed, Nov 20 2024 at 17:17, David Wang wrote:
>> Using device name as format string of seq_printf() is prone to
>> "Format string attack", opens possibility for exploitation.
>> Seq_puts() is safer and more efficient.
>
>I agree that seq_puts() is more efficient, but this whole handwaving
>about format string attacks is far fetched.
>
>These strings originate from device tree or generated device/domain
>names. If they contain format strings, then that's either a plain bug in
>the kernel or the device tree, but far from a 'format string attack'.

Isn't it possible to change the device name? The way I imagine it, if some low-privileged interface can
be used to change the device name (maybe some backdoor in the device firmware),
then reading /proc/... could be used by a low-privileged user to gain more information.

And yes, it is all theoretical.



Thanks
David
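
An added illustration of the distinction debated in this thread, not part of the message or of the patch: a userspace C stand-in for the two seq_file calls, showing that a name passed as the format argument is parsed while a seq_puts()-style copy emits it unchanged. The `demo_seq_*` helpers, `emitted_verbatim()` and the sample name are assumptions constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Userspace stand-in for the kernel's struct seq_file (assumed, not kernel code). */
struct demo_seq { char buf[128]; size_t count; };

/* Like seq_printf(): the second argument is parsed as a format string. */
static void demo_seq_printf(struct demo_seq *m, const char *fmt, ...)
{
    size_t room = sizeof(m->buf) - m->count;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(m->buf + m->count, room, fmt, ap);
    va_end(ap);
    if (n > 0)
        m->count += ((size_t)n < room) ? (size_t)n : room - 1;
}

/* Like seq_puts(): the string is copied byte for byte and never parsed. */
static void demo_seq_puts(struct demo_seq *m, const char *s)
{
    size_t room = sizeof(m->buf) - m->count;
    size_t n = strlen(s);
    if (n >= room)
        n = room - 1;
    memcpy(m->buf + m->count, s, n);
    m->count += n;
    m->buf[m->count] = '\0';
}

/* Constructed name; "%%" consumes no argument, so parsing it is well defined. */
static const char sample_name[] = "gpio%%bank0";

/* Returns 1 when the text written to the buffer equals the name byte for byte. */
static int emitted_verbatim(int use_puts, const char *name)
{
    struct demo_seq m = { "", 0 };
    if (use_puts)
        demo_seq_puts(&m, name);
    else
        demo_seq_printf(&m, name);  /* name used as the format string */
    return strcmp(m.buf, name) == 0;
}

int main(void)
{
    printf("printf-style verbatim: %d\n", emitted_verbatim(0, sample_name));
    printf("puts-style verbatim:   %d\n", emitted_verbatim(1, sample_name));
    return 0;
}
```

With the constructed name, the printf-style path writes `gpio%bank0` and the puts-style path writes `gpio%%bank0`, so only the latter reproduces the name as stored.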
