|
Message-ID: <20110701154947.133c30f5@lxorguk.ukuu.org.uk> Date: Fri, 1 Jul 2011 15:49:47 +0100 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: Vasiliy Kulikov <segoon@...nwall.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Ingo Molnar <mingo@...e.hu>, Andrew Morton <akpm@...ux-foundation.org>, James Morris <jmorris@...ei.org>, Namhyung Kim <namhyung@...il.com>, Greg Kroah-Hartman <gregkh@...e.de>, kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] kernel: escape non-ASCII and control characters in printk() > of the multiline feature. Intoducing new "%S" format for single lines > makes little sense as there are tons of printk() calls that should be > already restricted to one line. You don't need a new format string surely. Your expectation for printk is "multiple new lines are cool providing they are in the format string" So that bit isn't hard to deal with, You make vprintk take an extra arg (trusted/untrusted args) You make printk pass 'untrusted' You make %s quote the arguments for control codes if untrusted is set but you don't mangle format string controls. End of problem ? At which point your attacker has more work to do but given a long string yawns and stars using the right number of spaces for the likely 80 col screen :)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.