lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 30 Apr 2011 21:47:35 -0700
From:	Stephen Hemminger <shemminger@...tta.com>
To:	Jiri Pirko <jpirko@...hat.com>
Cc:	netdev@...r.kernel.org, davem@...emloft.net,
	eric.dumazet@...il.com, mirqus@...il.com, xemul@...nvz.org
Subject: Re: [patch net-next-2.6] net: call dev_alloc_name from
 register_netdevice

On Sat, 30 Apr 2011 22:57:52 +0200
Jiri Pirko <jpirko@...hat.com> wrote:

> Sat, Apr 30, 2011 at 07:34:44PM CEST, shemminger@...tta.com wrote:
> >On Sat, 30 Apr 2011 13:21:32 +0200
> >Jiri Pirko <jpirko@...hat.com> wrote:
> >
> >> Force dev_alloc_name() to be called from register_netdevice() by
> >> dev_get_valid_name(). That allows to remove multiple explicit
> >> dev_alloc_name() calls.
> >> 
> >> The possibility to call dev_alloc_name in advance remains.
> >> 
> >> This also fixes veth creation regresion caused by
> >> 84c49d8c3e4abefb0a41a77b25aa37ebe8d6b743
> >> 
> >> Signed-off-by: Jiri Pirko <jpirko@...hat.com>
> >
> >The problem with this then you have to audit all the calls
> >to register_netdevice to make sure that user can't provide a bad
> >value which then is passed a format string. Why not just fix
> >just veth which would be safer.
> 
> Well it looks convenient to do name allocations inside
> register_netdevice generically. For special cases dev_get_valid_name()
> can be still used as before (this I think should be also prohibited in
> future).
> 
> Also I think that drivers should be responsible for what they are
> passing from user to core. Btw could you please give me an example of
> "a bad value" causing any harm in particular situation?
> 
> Thanks
> 
> Jirka

I am concerned that code like that before a driver could be passed
a string with format characters; and make a device with % in the name
and some configuration might depend on that.

dev_alloc_name tries to be as safe as possible about the processing
of format string so it should be safe from names like 'eth%s'

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ