From: Kees Cook <keescook@chromium.org>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
	Ingo Molnar <mingo@redhat.com>,
	Frank Rowand <frowand.list@gmail.com>,
	Randy Dunlap <rdunlap@infradead.org>,
	Namhyung Kim <namhyung@kernel.org>, Tim Bird <Tim.Bird@sony.com>,
	Jiri Olsa <jolsa@redhat.com>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Tom Zanussi <tom.zanussi@linux.intel.com>,
	Rob Herring <robh+dt@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Alexey Dobriyan <adobriyan@gmail.com>,
	Jonathan Corbet <corbet@lwn.net>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 08/22] bootconfig: init: Allow admin to use bootconfig for init command line
Date: Fri, 7 Feb 2020 16:44:49 -0800
Message-ID: <202002071640.49BFDA2D1A@keescook>
In-Reply-To: <20200207144603.30688b94@oasis.local.home>

On Fri, Feb 07, 2020 at 02:46:03PM -0500, Steven Rostedt wrote:
> On Fri, 7 Feb 2020 10:03:16 -0800
> Kees Cook <keescook@chromium.org> wrote:
> > > +		len = strlen(saved_command_line);
> > > +		if (!strstr(boot_command_line, " -- ")) {
> > > +			strcpy(saved_command_line + len, " -- ");
> > > +			len += 4;
> > > +		} else
> > > +			saved_command_line[len++] = ' ';
> > > +
> > > +		strcpy(saved_command_line + len, extra_init_args);
> > > +	}  
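Review bot: the strstr(boot_command_line, " -- ") test on the second line of this hunk is a raw substring match, so a " -- " that sits inside a double-quoted parameter value is taken for the init separator, the real separator is never appended, and extra_init_args lands among the kernel parameters. Take the decision from the quote-aware parse (the way parse_args() handles double quotes) instead of from the raw string. Also worth checking: len is measured on saved_command_line while the search runs over boot_command_line, both strcpy() calls write at saved_command_line + len with no buffer size visible in these lines, and the else branch should carry braces since the if branch does.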
> > 
> > This isn't safe because it will destroy any argument with " -- " in
> > quotes and anything after it. For example, booting with:
> > 
> > thing=on acpi_osi="! -- " other=setting
> > 
> > will wreck acpi_osi's value and potentially overwrite "other=settings",
> > etc.
> > 
> > (Yes, this seems very unlikely, but you can't treat " -- " as special,
> > the command line string must be correctly parsed for double quotes, as
> > parse_args() does.)
> > 
> 
> This is not the args you are looking for. ;-)
> 
> There is a slight bug, but not as bad as you may think it is.
> bootconfig (when added to the command line) will look for a json-like
> file appended to the initrd, and it will parse that. That's what all the
> xbc_*() functions do (extended boot commandline). If one of the options
> in that json-like file is "init", then it will create the
> extra_init_args, which will make ilen greater than zero.
> 
> The above if statement looks for that ' -- ', and if it doesn't find it
> (strcmp() returns NULL when not found) it will then append " -- " to
> the boot_command_line. If it is found, then the " -- " is not added. In
> either case, the init args found in the json-like file in the initrd are
> appended to the saved_command_line.
> 
> I did say there's a slight bug here. If you have your condition, and
> you add init arguments to that json file, it won't properly add the " --
> ", and the init arguments in that file will be ignored.

Ah, right, it's even more slight, sorry, I had the strstr() in my head
still. So, yes, with an "init" section and a very goofy " -- " present
in a kernel bootparam string value, the appended init args will be
parsed as kernel options.

-- 
Kees Cook
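
The difference this message turns on, a raw " -- " substring match versus a separator found by quote-aware tokenizing, as an added example that is not part of the original e-mail or the kernel source. The tokenizer is a simplified userspace model of the double-quote handling attributed to parse_args() above, and append_init_args() is a hypothetical helper.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* The check as written in the quoted hunk: raw substring match. */
static bool naive_has_separator(const char *cmdline)
{
	return strstr(cmdline, " -- ") != NULL;
}

/* Simplified model (assumption: not the kernel's parse_args()): split on
 * spaces outside double quotes; only a token that is exactly "--" counts. */
static bool quote_aware_has_separator(const char *p)
{
	while (*p) {
		const char *start;
		bool in_quote = false;

		while (*p == ' ')
			p++;
		start = p;
		for (; *p && (in_quote || *p != ' '); p++)
			if (*p == '"')
				in_quote = !in_quote;
		if (p - start == 2 && !strncmp(start, "--", 2))
			return true;
	}
	return false;
}

/* Hypothetical helper: bounded join of the command line and init args.
 * Returns false when dst is too small instead of overrunning it. */
static bool append_init_args(char *dst, size_t size, const char *cmdline,
			     const char *extra)
{
	int n = snprintf(dst, size, "%s%s%s", cmdline,
			 quote_aware_has_separator(cmdline) ? " " : " -- ", extra);
	return n >= 0 && (size_t)n < size;
}

int main(void)
{
	/* Constructed input: the command line given as the example above. */
	const char *cmd = "thing=on acpi_osi=\"! -- \" other=setting";
	char out[128];

	if (append_init_args(out, sizeof(out), cmd, "single"))
		printf("naive=%d -> %s\n", naive_has_separator(cmd), out);
	return 0;
}
```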
