lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <82f6d64a-efac-07cb-47a6-5c7e238ff0ea@iogearbox.net>
Date:   Fri, 1 Mar 2019 10:04:54 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc:     Alexei Starovoitov <ast@...com>, bpf@...r.kernel.org,
        Networking <netdev@...r.kernel.org>, joe@...d.net.nz,
        john.fastabend@...il.com, tgraf@...g.ch,
        Yonghong Song <yhs@...com>, Andrii Nakryiko <andriin@...com>,
        Jakub Kicinski <jakub.kicinski@...ronome.com>,
        lmb@...udflare.com
Subject: Re: [PATCH bpf-next v2 3/7] bpf, obj: allow . char as part of the
 name

On 03/01/2019 06:52 AM, Andrii Nakryiko wrote:
> On Thu, Feb 28, 2019 at 3:31 PM Daniel Borkmann <daniel@...earbox.net> wrote:
>>
>> Trivial addition to allow '.' aside from '_' as "special" characters
>> in the object name. Used to name maps from loader side as ".bss",
>> ".data", ".rodata".
>>
>> Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
> 
> Acked-by: Andrii Nakryiko <andriin@...com>
> 
>>  kernel/bpf/syscall.c | 6 +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
>> index d3ef45e01d7a..90044da3346e 100644
>> --- a/kernel/bpf/syscall.c
>> +++ b/kernel/bpf/syscall.c
>> @@ -440,10 +440,10 @@ static int bpf_obj_name_cpy(char *dst, const char *src)
>>         const char *end = src + BPF_OBJ_NAME_LEN;
>>
>>         memset(dst, 0, BPF_OBJ_NAME_LEN);
>> -
>> -       /* Copy all isalnum() and '_' char */
>> +       /* Copy all isalnum(), '_' and '.' chars. */
> 
> Is there any reason names are so restrictive? Say, why not '-' as
> well? It's perfectly safe even in filenames. Or even '/' and '\'? Is
> this name used by anything else in the system, except for
> introspection?

Could be done, presumably it was more restrictive in case one might
need some reserved names in unforeseeable future, but looks so far
noone run into the need to extend it further than this. :)

>>         while (src < end && *src) {
>> -               if (!isalnum(*src) && *src != '_')
>> +               if (!isalnum(*src) &&
>> +                   *src != '_' && *src != '.')
>>                         return -EINVAL;
>>                 *dst++ = *src++;
>>         }
>> --
>> 2.17.1
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ