From: Rob Landley <rob@landley.net>
To: Grant Likely <grant.likely@linaro.org>, Pavel Machek <pavel@denx.de>
Cc: atull <atull@opensource.altera.com>,
Pantelis Antoniou <pantelis.antoniou@konsulko.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jason Gunthorpe <jgunthorpe@obsidianresearch.com>,
"H. Peter Anvin" <hpa@zytor.com>, Michal Simek <monstr@monstr.eu>,
Michal Simek <michal.simek@xilinx.com>,
Randy Dunlap <rdunlap@infradead.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
Rob Herring <robh+dt@kernel.org>,
Ira Snyder <iws@ovro.caltech.edu>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
Mark Brown <broonie@kernel.org>,
philip@balister.org, rubini <rubini@gnudd.com>,
Steffen Trumtrar <s.trumtrar@pengutronix.de>,
Jason <jason@lakedaemon.net>,
kyle.teske@ni.com, Nicolas Pitre <nico@linaro.org>,
Felipe Balbi <balbi@ti.com>,
Mauro Carvalho Chehab <m.chehab@samsung.com>,
David Brown <davidb@codeaurora>
Subject: Re: [PATCH v2 2/3] fpga manager: framework core
Date: Mon, 08 Dec 2014 14:53:39 -0600 [thread overview]
Message-ID: <54860FD3.6020502@landley.net> (raw)
In-Reply-To: <20141208175050.92EDAC40D73@trevor.secretlab.ca>
On 12/08/2014 11:50 AM, Grant Likely wrote:
> On Sat, 6 Dec 2014 14:55:33 +0100
> , Pavel Machek <pavel@denx.de>
> wrote:
>> Hi!
>>
>>>> I am accustomed to doing 'echo -n' for most of sysfs anyway. Once in a
>>>> while I am a bonehead and forget the '-n' and spend a few minutes
>>>> wondering why this thing that worked last week suddenly rejects all
>>>> commands. I'm just trying to make my user interface a bit user-friendly.
>>>>
>>>> I will take out the '\n' stripping and update the documentation. I didn't
>>>> realize this would be controversial.
>>>
>>> Don't. You're doing the right thing by scrubbing your input. Requiring
>>> 'echo -n' is just stupid when it is so easy to make work easily.
>>
>> 'foo\nbar\n' is unusual but valid filename in linux. It is bad idea to
>> echo filenames into files in the first place... and arbitrarily
>> disallowing certain filenames is not helping.
>
> Meh. Just because it is a valid linux filename doesn't mean this
> interface is forced to accept it. There should be tighter rules about
> how the filename can be constructed. Allowing any arbitrary path for any
> arbitrary valid linux filename makes for a large attack surface.
"echo /bin/mdev > /proc/sys/kernel/hotplug" has worked fine, without the
-n, for most of a decade now. Requiring -n on echo would be weird.
I note that the filenames in /proc/mounts have an escape syntax for
arbitrary embedded weirdness. (To see it in action, mount a path with a
space in it.) If you really want to support that, there's presumably
code that can be genericized and reappropriated so you can escape a
newline you want to keep. But if your input has a normal unescaped
trailing newline, it _should_ be ignored.
Rob
next prev parent reply other threads:[~2014-12-08 20:53 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-22 19:50 [PATCH v2 0/3] FPGA Framework with DT and sysfs support atull-yzvPICuk2ABMcg4IHK0kFoH6Mc4MB0Vx
2014-10-22 19:50 ` [PATCH v2 1/3] fpga manager: add sysfs interface document atull
2014-10-22 19:50 ` [PATCH v2 2/3] fpga manager: framework core atull
2014-10-24 10:52 ` Pavel Machek
2014-10-24 10:55 ` Pantelis Antoniou
2014-10-24 14:54 ` atull
2014-12-06 13:01 ` Grant Likely
2014-12-06 13:55 ` Pavel Machek
2014-12-08 17:50 ` Grant Likely
2014-12-08 17:56 ` Grant Likely
2014-12-08 17:56 ` Pantelis Antoniou
2014-12-08 18:30 ` Grant Likely
2014-12-08 20:53 ` Rob Landley [this message]
2014-10-24 21:00 ` One Thousand Gnomes
2014-12-06 13:00 ` Grant Likely
2014-12-06 14:02 ` Pavel Machek
[not found] ` <CACxGe6sa=ysJAjx5TQZH5sKoas1PkoUUR4zT=Z35+uF6rrk-vw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-12-08 22:55 ` One Thousand Gnomes
2014-12-09 13:11 ` Grant Likely
2014-12-09 13:42 ` Michal Simek
2014-12-09 16:07 ` atull
2014-12-09 21:02 ` One Thousand Gnomes
2014-12-09 22:12 ` atull
2014-12-12 12:14 ` Pavel Machek
2014-12-18 20:50 ` atull
2014-10-22 19:50 ` [PATCH v2 3/3] fpga manager: bus driver atull
2014-10-22 22:22 ` atull
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54860FD3.6020502@landley.net \
--to=rob@landley.net \
--cc=atull@opensource.altera.com \
--cc=balbi@ti.com \
--cc=broonie@kernel.org \
--cc=davidb@codeaurora \
--cc=devicetree@vger.kernel.org \
--cc=grant.likely@linaro.org \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=iws@ovro.caltech.edu \
--cc=jason@lakedaemon.net \
--cc=jgunthorpe@obsidianresearch.com \
--cc=kyle.teske@ni.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=m.chehab@samsung.com \
--cc=michal.simek@xilinx.com \
--cc=monstr@monstr.eu \
--cc=nico@linaro.org \
--cc=pantelis.antoniou@konsulko.com \
--cc=pavel@denx.de \
--cc=philip@balister.org \
--cc=rdunlap@infradead.org \
--cc=robh+dt@kernel.org \
--cc=rubini@gnudd.com \
--cc=s.trumtrar@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).