Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110701120059.GL20990@elte.hu>
Date: Fri, 1 Jul 2011 14:00:59 +0200
From: Ingo Molnar <mingo@...e.hu>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Vasiliy Kulikov <segoon@...nwall.com>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Andrew Morton <akpm@...ux-foundation.org>,
	James Morris <jmorris@...ei.org>, Namhyung Kim <namhyung@...il.com>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] kernel: escape non-ASCII and control characters in
 printk()


* Linus Torvalds <torvalds@...ux-foundation.org> wrote:

> On Mon, Jun 27, 2011 at 11:38 AM, Vasiliy Kulikov <segoon@...nwall.com> wrote:
> >
> > Sure, I don't propose it anymore (v2 goes without it).
> 
> What point would you like to filter things at?
> 
> I really think that user space should do its own filtering - nobody
> does a plain 'cat' on dmesg. Or if they do, they really have
> themselves to blame.
> 
> And afaik, we don't do any escape sequence handling at the console
> level either, so you cannot mess up the console with control
> characters.
> 
> And the most dangerous character seems to be one that you don't
> filter: the one we really do react to is '\n', and you could possibly
> make confusing log messages by embedding a newline in your string and
> then trying to make the rest look like something bad (say, an oops).
> 
> So I'm not entirely convinced about this filtering at all.

Yeah. It would be nice to see a demonstration of at least one 'bad 
thing' that is possible via the current code, before we protect 
against it.

The claim the patch makes is rather specific:

 | There are numerous printk() instances with user supplied input as 
 | "%s" data, and unprivileged user may craft log messages with 
 | substrings containing control characters via these printk()s.  
 | Control characters might fool root viewing the logs via tty, e.g. 
 | using ^[1A to suppress the previous log line.

So it ought to be demonstrable.

Thanks,

	Ingo

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.