lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Thu, 5 Mar 2020 08:05:35 -0800
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     bugzilla-daemon@...zilla.kernel.org, netdev@...r.kernel.org
Subject: Re: [Bug 206761] New: escape codes in network interface names
 causes chaos

On Thu, 05 Mar 2020 10:42:39 +0000
bugzilla-daemon@...zilla.kernel.org wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=206761
> 
>             Bug ID: 206761
>            Summary: escape codes in network interface names causes chaos
>            Product: Networking
>            Version: 2.5
>     Kernel Version: 5.6
>           Hardware: All
>                 OS: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: Other
>           Assignee: stephen@...workplumber.org
>           Reporter: george.shuklin@...il.com
>         Regression: No
> 
> netlink permits creation of interfaces with escape codes. Suck names can trick
> root by drawing at random places in terminal.
> 
> 
> Minimal proof of concept:
> 
> 
> echo -e '\x1B[2J'|xargs -I I ip link add I type dummy
> ip l
> 
> 
> (rollback): echo -e '\x1B[2J'|xargs -I I ip link del I
> 

My opinion is that this is not a problem that can be addressed without breaking kernel ABI.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ