From: David Disseldorp <ddiss@suse.de>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org, Christian Brauner <brauner@kernel.org>
Subject: Re: [PATCH] initramfs: avoid filename buffer overrun
Date: Wed, 30 Oct 2024 01:42:39 +0000
Message-ID: <20241030014239.2fb3d4ab.ddiss@suse.de>
In-Reply-To: <20241029183520.GE1350452@ZenIV>

On Tue, 29 Oct 2024 18:35:20 +0000, Al Viro wrote:

> On Tue, Oct 29, 2024 at 12:48:37PM +0000, David Disseldorp wrote:
...
> > + if (collected[name_len - 1] != '\0') {
> > + pr_err("Skipping symlink without nulterm: %.*s\n",
> > + (int)name_len, collected);
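
Review bot: The condition collected[name_len - 1] != '\0' indexes before the start of collected when name_len is 0, and the quoted lines show no lower bound on name_len. Unless an earlier check already guarantees name_len >= 1, fold it into the test, for example if (!name_len || collected[name_len - 1] != '\0'). The pr_err() also writes up to name_len bytes of image-supplied data into the kernel log through %.*s; for an entry already known to be malformed, a fixed message is enough.
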
>
> I'm not sure pr_err() and continue is a good approach here -
> you'd been given a corrupted image, so there's no point trying
> to do anything further with it. Have it return 1, at least,
> and preferably use error("buggered symlink") in addition or
> instead of your pr_err().

I was following the name_len > PATH_MAX handling, but failing
immediately makes more sense here. Will change in v2.

> FWIW, it's _not_ about trying to stop an attack - if you get there with
> image contents controlled by attacker, you have already hopelessly lost;
> no buffer overruns are needed.
>
> It does catch corrupted images, which is the right thing to do, but it's
> not a security issue.

Agreed. I'll rework the commit message to more clearly state that
initramfs image write access is required, at which point all bets are
off.