lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aAuiMqkjVbW3c8nx@infradead.org>
Date: Fri, 25 Apr 2025 07:54:42 -0700
From: Christoph Hellwig <hch@...radead.org>
To: Theodore Ts'o <tytso@....edu>
Cc: Alejandro Colomar <alx@...nel.org>, linux-kernel@...r.kernel.org,
	linux-api@...r.kernel.org, linux-man@...r.kernel.org
Subject: Re: newlines in filenames; POSIX.1-2024

On Tue, Apr 22, 2025 at 05:21:31PM -0500, Theodore Ts'o wrote:
> Do we have any information of which implementations (if any) might
> decide to disallow new-line characters?

AFAIK: none.  At least none that matters.

> Personally, I'm not convinced a newline is any different from any
> number of weird-sh*t characters, such as zero-width space Unicode
> characters, ASCII ETX or EOF characters, etc.

It isn't any different in a substantial way.

> I suppose we could add a new mount option which disallows the
> weird-sh*t characters, but I bet it will break some userspace
> programs, and it also begs the question of *which* weird-sh*t
> characters should be disallowed by the kernel.

Don't go there.  The only limitations that does make some limited
sense in some limited environment is limiting to valid utf8.  We've
already done that for CI, and that's causing enough problems despite
having a use case.  Adding random mount options to limit random
characters has a lot of downside but absolutely no actual upside.

> 
> > I guess there's no intention to change that behavior.  But I should
> > ask.  I thought of adding this paragraph to all pages that create
> > file names:
> > 
> > 	+.SH CAVEATS
> > 	+POSIX.1-2024 encourages implementations to
> > 	+disallow creation of filenames containing new-line characters.
> > 	+Linux doesn't follow this,
> > 	+and allows using new-line characters.
> > 
> > Are there any comments?
> 
> I think this is giving the Austin Group way more attention/respect
> than they deserve, especially when it's an optional "encourage", but
> whatever...

Yeah.  Don't even mention these idiotic recommendations, any attention
spent on this is too much.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ