Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 26 Sep 2015 19:01:59 -0400
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: s/party/hack like it's 1999

On 26/09/15 06:26 PM, David Holland wrote:
> On Mon, Sep 21, 2015 at 09:02:27PM +0200, Florian Weimer wrote:
>  > >> I have been arguing for years (but without success) that vt bomb
>  > >> injection needs to be blocked in the tty driver. This problem
>  > >> (corruption of concurrent UTF-8 streams) needs to be too, as a matter
>  > >> of correctness and not even security.
>  > >
>  > > How exactly would a tty driver "block" anything like this?
>  > 
>  > Avoiding in-band signaling in the first place. :-/
> 
> Yes, that.
> 
>  > > A tty driver never looks at the data stream in the kernel, as that
>  > > way lies madness...
>  > 
>  > Surely there is a way to prevent two writes from interleaving?  For
>  > writes to files in O_APPEND mode, this already happens, doesn't it?
> 
> Theoretically each write() call is supposed to be atomic; there are
> presumably some limits to that in practice, especially on ptys (like
> PIPE_BUF is the limit for pipes) but this doesn't help if programs
> emit partial characters, as is (in general) likely. Programs that use
> stdio to write to stdout are ok because stdio line-buffers stdout when
> it's a tty; but that doesn't help with stderr, or with programs that
> ship text around in arbitrary-sized blocks, or programs in cbreak
> mode, or if you're logged in across a network that hiccups
> occasionally. (Or can be made to hiccup on purpose.)
> 
> ISTM that for safety the tty driver is going to have to know about
> multibyte encodings and not let through partial characters; this is an
> enormous can of worms.
> 
> (but, let's not overreact; it's always been possible to blat out
> sequences beginning with [ and hope that they'll be inserted right
> after someone else's ESC.)

AFAICT, POSIX only has atomicity requirements for a FIFO or pipe and I
don't think Linux or other OSes offer much more in practice. Some file
systems have unofficial guarantees related to the block size...

http://pubs.opengroup.org/onlinepubs/9699919799/functions/write.html

Am I missing something? Of course, Linux might offer the guarantee in
practice for a tty, but terminals are generally portable.


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ