Date: Sat, 26 Sep 2015 19:01:59 -0400 From: Daniel Micay <danielmicay@...il.com> To: oss-security@...ts.openwall.com Subject: Re: s/party/hack like it's 1999 On 26/09/15 06:26 PM, David Holland wrote: > On Mon, Sep 21, 2015 at 09:02:27PM +0200, Florian Weimer wrote: > > >> I have been arguing for years (but without success) that vt bomb > > >> injection needs to be blocked in the tty driver. This problem > > >> (corruption of concurrent UTF-8 streams) needs to be too, as a matter > > >> of correctness and not even security. > > > > > > How exactly would a tty driver "block" anything like this? > > > > Avoiding in-band signaling in the first place. :-/ > > Yes, that. > > > > A tty driver never looks at the data stream in the kernel, as that > > > way lies madness... > > > > Surely there is a way to prevent two writes from interleaving? For > > writes to files in O_APPEND mode, this already happens, doesn't it? > > Theoretically each write() call is supposed to be atomic; there are > presumably some limits to that in practice, especially on ptys (like > PIPE_BUF is the limit for pipes) but this doesn't help if programs > emit partial characters, as is (in general) likely. Programs that use > stdio to write to stdout are ok because stdio line-buffers stdout when > it's a tty; but that doesn't help with stderr, or with programs that > ship text around in arbitrary-sized blocks, or programs in cbreak > mode, or if you're logged in across a network that hiccups > occasionally. (Or can be made to hiccup on purpose.) > > ISTM that for safety the tty driver is going to have to know about > multibyte encodings and not let through partial characters; this is an > enormous can of worms. > > (but, let's not overreact; it's always been possible to blat out > sequences beginning with [ and hope that they'll be inserted right > after someone else's ESC.) AFAICT, POSIX only has atomicity requirements for a FIFO or pipe and I don't think Linux or other OSes offer much more in practice. Some file systems have unofficial guarantees related to the block size... http://pubs.opengroup.org/onlinepubs/9699919799/functions/write.html Am I missing something? Of course, Linux might offer the guarantee in practice for a tty, but terminals are generally portable. Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ