Date: Sun, 3 Jul 2011 10:42:45 -0700 From: Linus Torvalds <torvalds@...ux-foundation.org> To: Vasiliy Kulikov <segoon@...nwall.com> Cc: Alan Cox <alan@...rguk.ukuu.org.uk>, Ingo Molnar <mingo@...e.hu>, Andrew Morton <akpm@...ux-foundation.org>, James Morris <jmorris@...ei.org>, Namhyung Kim <namhyung@...il.com>, Greg Kroah-Hartman <gregkh@...e.de>, kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] kernel: escape non-ASCII and control characters in printk() On Sun, Jul 3, 2011 at 3:01 AM, Vasiliy Kulikov <segoon@...nwall.com> wrote: > > Sigh... After implementing controls filtering including \n inside of > %s, I got numerous false positives. Most of them are startup messages > with driver/hardware name/version, in drivers/. Yeah, I was afraid of that. It's going to be a much bigger patch, and likely somewhat annoying. That said, if we really want to do this, I think doing it with %s filtering is the only way, and it would make the default case where people really don't think about possible user-supplied strings be safe. So saying "%s is for pure 7-bit ASCII with no control codes" is annoying, but would really fix it. That said, I think it should be unconditional. None of this "safe vs unsafe" flags, and none of this "printk format strings are different from other vsprintf format strings". If special characters are a potential security problem for printk(), then they are a potential security problem for other things (eg /proc filenames or content etc). Linus
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.