Message-ID: <20110701143757.GA22567@albatros>
Date: Fri, 1 Jul 2011 18:37:57 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Alan Cox <alan@...rguk.ukuu.org.uk>, Ingo Molnar <mingo@...e.hu>,
	Andrew Morton <akpm@...ux-foundation.org>,
	James Morris <jmorris@...ei.org>, Namhyung Kim <namhyung@...il.com>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] kernel: escape non-ASCII and control characters in printk()

On Tue, Jun 28, 2011 at 12:30 -0700, Linus Torvalds wrote:
> And the most dangerous character seems to be one that you don't
> filter: the one we really do react to is '\n', and you could possibly
> make confusing log messages by embedding a newline in your string and
> then trying to make the rest look like something bad (say, an oops).

Btw, I've already outlined this problem in patch v1 comment, but received no
single comment on the suggested 2 possible ways:

http://www.openwall.com/lists/kernel-hardening/2011/06/22/2

"This patch does nothing with crafted "%s" data with '\n' inside. It allows
unprivileged user to craft arbitrary log messages via breaking log lines
boundaries. It is a bit tricky to fix it compatible way. Limiting "%s" to
one line in vscnprintf() would break legitimate users of the multiline
feature. Introducing new "%S" format for single lines makes little sense as
there are tons of printk() calls that should be already restricted to one
line.

Proposals about '\n' inside of "%s" are welcome."

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
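
Added example (not part of the original message and not code from the patch under discussion): a userspace C sketch of escaping an untrusted "%s" argument at the call site, so that an embedded '\n' cannot break the log line boundary. The names escape_log_arg and count_lines and the sample device name are hypothetical, and the \xNN output format is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not kernel code): copy src into dst, writing every
 * control byte (including '\n'), DEL, non-ASCII byte and backslash as \xNN.
 * Returns the escaped length, or -1 if dst is too small. */
static int escape_log_arg(char *dst, size_t dstlen, const char *src)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (dstlen == 0)
        return -1;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        int plain = c >= 0x20 && c < 0x7f && c != '\\';

        if (o + (plain ? 1 : 4) >= dstlen) /* keep room for the NUL */
            return -1;
        if (plain) {
            dst[o++] = (char)c;
        } else {
            dst[o++] = '\\';
            dst[o++] = 'x';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0xf];
        }
    }
    dst[o] = '\0';
    return (int)o;
}

/* Number of line breaks in a formatted record. */
static int count_lines(const char *s)
{
    int n = 0;
    for (; *s; s++)
        n += (*s == '\n');
    return n;
}

int main(void)
{
    /* Constructed input: a name that tries to start a second record. */
    const char *name = "eth0\nforged: second record";
    char raw[128], safe[128], esc[96];

    snprintf(raw, sizeof(raw), "device %s: link up\n", name);
    if (escape_log_arg(esc, sizeof(esc), name) < 0)
        return 1;
    snprintf(safe, sizeof(safe), "device %s: link up\n", esc);
    printf("raw: %d line(s), escaped: %d line(s)\n%s",
           count_lines(raw), count_lines(safe), safe);
    return 0;
}
```

Only the argument is escaped, so a '\n' that the format string itself contains still works for legitimate multiline messages.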