From: Kees Cook <kees.cook@canonical.com>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: linux-kernel@vger.kernel.org, Greg Kroah-Hartman <gregkh@suse.de>,
Andrew Morton <akpm@linux-foundation.org>,
Tejun Heo <tj@kernel.org>, Veaceslav Falico <vfalico@redhat.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Oleg Nesterov <oleg@redhat.com>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
Neil Horman <nhorman@tuxdriver.com>,
Roland McGrath <roland@redhat.com>, Ingo Molnar <mingo@elte.hu>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>,
Stefani Seibold <stefani@seibold.net>,
Thomas Gleixner <tglx@linutronix.de>,
Eric Paris <eparis@redhat.com>, James Morris <jmorris@namei.org>,
"Andrew G. Morgan" <morgan@kernel.org>,
Dhaval Giani <dhaval.giani@gmail.com>,
"Serge E. Hallyn" <serue@us.ibm.com>,
Steve Grubb <sgrubb@redhat.com>, Christoph Hellwig <hch@lst.de>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v2] sanitize task->comm to avoid leaking escape codes
Date: Tue, 29 Jun 2010 07:51:37 -0700 [thread overview]
Message-ID: <20100629145137.GD4175@outflux.net> (raw)
In-Reply-To: <20100629103650.3b80e09f@lxorguk.ukuu.org.uk>
On Tue, Jun 29, 2010 at 10:36:50AM +0100, Alan Cox wrote:
> > Through get_task_comm() and many direct uses of task->comm in the kernel,
> > it is possible for escape codes and other non-printables to leak into
> > dmesg, syslog, etc. In the worst case, these strings could be used to
> > attack administrators using vulnerable terminal emulators, and at least
> > cause confusion through the injection of \r characters.
>
> If an administrator has a vulnerable terminal emulator they have other
> problems.
Totally agreed.
> Please do any filtering you must in the yama security module where it
> only affects that. One way to approach it without losing data within the
> module might be to use HTML style encoding within Yama so your own tools
> can undo the 'sanitizing' rather than losing information ?
I'm not interested in sanitizing this in Yama. The use of task->comm via
printk was seen as a flaw. I didn't agree (see above about terminal),
and suggested that if it was a flaw, it was a flaw with printk or
task->comm itself. Since "fixing" both of those have been vetoed,
I have no more interest in the filtering.
What I do have interest in is fixing get_task_comm's use of buffers, which
is theoretically problematic in some future where someone accidentally
calls it with a buffer smaller than sizeof(task->comm).
I'll send a patch that only fixes that and leaves out the filtering.
-Kees
--
Kees Cook
Ubuntu Security Team
next prev parent reply other threads:[~2010-06-29 14:51 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-24 19:05 [PATCH v2] sanitize task->comm to avoid leaking escape codes Kees Cook
2010-06-24 23:56 ` KOSAKI Motohiro
2010-06-28 17:48 ` Stefani Seibold
2010-06-28 18:04 ` Kees Cook
2010-06-29 3:05 ` KOSAKI Motohiro
2010-06-29 12:58 ` Steve Grubb
2010-06-30 0:16 ` KOSAKI Motohiro
2010-06-30 0:22 ` Steve Grubb
2010-06-30 0:28 ` KOSAKI Motohiro
2010-06-29 9:36 ` Alan Cox
2010-06-29 14:51 ` Kees Cook [this message]
2010-06-30 9:13 ` Alan Cox
2010-06-30 0:31 ` KOSAKI Motohiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100629145137.GD4175@outflux.net \
--to=kees.cook@canonical.com \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=dhaval.giani@gmail.com \
--cc=eparis@redhat.com \
--cc=gregkh@suse.de \
--cc=hch@lst.de \
--cc=jmorris@namei.org \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=morgan@kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=oleg@redhat.com \
--cc=roland@redhat.com \
--cc=serue@us.ibm.com \
--cc=seto.hidetoshi@jp.fujitsu.com \
--cc=sgrubb@redhat.com \
--cc=stefani@seibold.net \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=vfalico@redhat.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).