Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Jun 2011 12:30:14 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Vasiliy Kulikov <segoon@...nwall.com>
Cc: Alan Cox <alan@...rguk.ukuu.org.uk>, Ingo Molnar <mingo@...e.hu>,
        Andrew Morton <akpm@...ux-foundation.org>,
        James Morris <jmorris@...ei.org>, Namhyung Kim <namhyung@...il.com>,
        Greg Kroah-Hartman <gregkh@...e.de>,
        kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] kernel: escape non-ASCII and control characters in printk()

On Mon, Jun 27, 2011 at 11:38 AM, Vasiliy Kulikov <segoon@...nwall.com> wrote:
>
> Sure, I don't propose it anymore (v2 goes without it).

What point would you like to filter things at?

I really think that user space should do its own filtering - nobody
does a plain 'cat' on dmesg. Or if they do, they really have
themselves to blame.

And afaik, we don't do any escape sequence handling at the console
level either, so you cannot mess up the console with control
characters.

And the most dangerous character seems to be one that you don't
filter: the one we really do react to is '\n', and you could possibly
make confusing log messages by embedding a newline in your string and
then trying to make the rest look like something bad (say, an oops).

So I'm not entirely convinced about this filtering at all.

                     Linus

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.