From: Rob Landley <rob@landley.net>
To: Grant Likely <grant.likely@linaro.org>, Pavel Machek <pavel@denx.de>
Cc: atull <atull@opensource.altera.com>,
Pantelis Antoniou <pantelis.antoniou@konsulko.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jason Gunthorpe <jgunthorpe@obsidianresearch.com>,
"H. Peter Anvin" <hpa@zytor.com>, Michal Simek <monstr@monstr.eu>,
Michal Simek <michal.simek@xilinx.com>,
Randy Dunlap <rdunlap@infradead.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
Rob Herring <robh+dt@kernel.org>,
Ira Snyder <iws@ovro.caltech.edu>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
Mark Brown <broonie@kernel.org>,
philip@balister.org, rubini <rubini@gnudd.com>,
Steffen Trumtrar <s.trumtrar@pengutronix.de>,
Jason <jason@lakedaemon.net>,
kyle.teske@ni.com, Nicolas Pitre <nico@linaro.org>,
Felipe Balbi <balbi@ti.com>,
Mauro Carvalho Chehab <m.chehab@samsung.com>,
David Brown <davidb@codeaurora>
Subject: Re: [PATCH v2 2/3] fpga manager: framework core
Date: Mon, 08 Dec 2014 14:53:39 -0600
Message-ID: <54860FD3.6020502@landley.net>
In-Reply-To: <20141208175050.92EDAC40D73@trevor.secretlab.ca>

On 12/08/2014 11:50 AM, Grant Likely wrote:
> On Sat, 6 Dec 2014 14:55:33 +0100, Pavel Machek <pavel@denx.de> wrote:
>> Hi!
>>
>>>> I am accustomed to doing 'echo -n' for most of sysfs anyway. Once in a
>>>> while I am a bonehead and forget the '-n' and spend a few minutes
>>>> wondering why this thing that worked last week suddenly rejects all
>>>> commands. I'm just trying to make my user interface a bit user-friendly.
>>>>
>>>> I will take out the '\n' stripping and update the documentation. I didn't
>>>> realize this would be controversial.
>>>
>>> Don't. You're doing the right thing by scrubbing your input. Requiring
>>> 'echo -n' is just stupid when it is so easy to make work easily.
>>
>> 'foo\nbar\n' is an unusual but valid filename in linux. It is a bad idea to
>> echo filenames into files in the first place... and arbitrarily
>> disallowing certain filenames is not helping.
>
> Meh. Just because it is a valid linux filename doesn't mean this
> interface is forced to accept it. There should be tighter rules about
> how the filename can be constructed. Allowing any arbitrary path for any
> arbitrary valid linux filename makes for a large attack surface.

"echo /bin/mdev > /proc/sys/kernel/hotplug" has worked fine, without the
-n, for most of a decade now. Requiring -n on echo would be weird.

I note that the filenames in /proc/mounts have an escape syntax for
arbitrary embedded weirdness. (To see it in action, mount a path with a
space in it.) If you really want to support that, there's presumably
code that can be genericized and reappropriated so you can escape a
newline you want to keep. But if your input has a normal unescaped
trailing newline, it _should_ be ignored.

Rob
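
The input handling discussed in this message, as an added example (not code from the thread or from the FPGA manager patch): a userspace C sketch that ignores one trailing newline, rejects a raw embedded newline, and accepts `\ooo` octal escapes of the kind /proc/mounts prints, so a newline that must be kept is written as `\012`. The name `parse_fw_name` and the policy of refusing absolute paths and `..` components are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Decode one "\ooo" octal escape (the /proc/mounts style); -1 if malformed. */
static int octal_escape(const char *p, size_t left)
{
    if (left < 4 || p[1] < '0' || p[1] > '3')
        return -1;
    if (p[2] < '0' || p[2] > '7' || p[3] < '0' || p[3] > '7')
        return -1;
    return ((p[1] - '0') << 6) | ((p[2] - '0') << 3) | (p[3] - '0');
}

/*
 * Hypothetical helper: turn the bytes written to a sysfs-style attribute
 * into a firmware name. Returns the name length or a negative errno.
 */
int parse_fw_name(const char *buf, size_t count, char *out, size_t outsz)
{
    size_t i, n = 0;

    if (count && buf[count - 1] == '\n')   /* plain "echo" adds this */
        count--;
    for (i = 0; i < count; i++) {
        int c = (unsigned char)buf[i];

        if (c == '\0' || c == '\n')        /* raw newline inside the name */
            return -EINVAL;
        if (c == '\\') {                   /* a newline to keep is "\012" */
            c = octal_escape(buf + i, count - i);
            if (c <= 0)                    /* malformed, or a decoded NUL */
                return -EINVAL;
            i += 3;
        }
        if (n + 1 >= outsz)
            return -ENAMETOOLONG;
        out[n++] = (char)c;
    }
    out[n] = '\0';
    /* Assumed policy: relative name, no ".." component. */
    if (n == 0 || out[0] == '/' || !strcmp(out, "..") ||
        !strncmp(out, "../", 3) || strstr(out, "/../") ||
        (n >= 3 && !strcmp(out + n - 3, "/..")))
        return -EINVAL;
    return (int)n;
}
```
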