[Noting that I know next-to-nothing about kernel programming,
but I have been down this particular road before...]

Russell King wrote:

> Maybe flush_old_exec() should be a little more careful
> about what it copies, changing non-alphanumeric characters
> to '?' ?

I'm not sure it can do that, if the kernel policy is to
be 8-bit clean (to allow UTF-8 to work without coding
UTF-8 knowledge into the kernel).

What the code could do is not printk() user-influenced strings
at all. For example, mm/oom_kill.c could print just the process
ID here:

	printk(KERN_ERR "Out of Memory: Killed process %d (%s).\n",
	       p->pid, p->comm);

The usual solution to this problem is to mark user-derived
strings as tainted and then check for the taint attribute
when strings are requested to be output. But since this
is a kernel I don't suppose you'd be keen on doing that :-)

I suppose you need a policy decision -- are strings scrubbed
on input (I've coded this once and it is really quite tricky).
And then do you need a scrubbed and non-scrubbed version of
p->comm (as comparing scrubbed p->comm for equality is
problematic and probably exploitable). Or do you simply not
output strings which have been tainted by contact with users.

--
Glen Turner Tel: (08) 8303 3936 or +61 8 8303 3936
Australia's Academic & Research Network www.aarnet.edu.au
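
The trade-off discussed in the message above, as an added example that is not part of the original post and is not kernel code: a user-space C program that scrubs a process name only at output time, passes bytes >= 0x80 through so UTF-8 survives, and shows why comparing scrubbed names for equality is unsafe. The names scrub_for_log, scrubbed_collides and COMM_LEN are hypothetical, and replacing only control bytes is an assumption made here.

```c
#include <stdio.h>
#include <string.h>

#define COMM_LEN 16	/* assumed name buffer size for this example */

/* Hypothetical helper: write a log-safe copy of src into dst.
 * Control bytes (< 0x20 and 0x7f) become '?'; bytes >= 0x80 are kept,
 * so the copy stays 8-bit clean. Returns the number of bytes replaced. */
size_t scrub_for_log(char *dst, size_t dstlen, const char *src)
{
	size_t i, replaced = 0;

	if (dstlen == 0)
		return 0;
	for (i = 0; i + 1 < dstlen && src[i] != '\0'; i++) {
		unsigned char c = (unsigned char)src[i];

		if (c < 0x20 || c == 0x7f) {
			dst[i] = '?';
			replaced++;
		} else {
			dst[i] = src[i];
		}
	}
	dst[i] = '\0';
	return replaced;
}

/* Returns 1 when two raw names differ but are identical once scrubbed. */
int scrubbed_collides(const char *a, const char *b)
{
	char sa[COMM_LEN], sb[COMM_LEN];

	scrub_for_log(sa, sizeof(sa), a);
	scrub_for_log(sb, sizeof(sb), b);
	return strcmp(a, b) != 0 && strcmp(sa, sb) == 0;
}

int main(void)
{
	/* Constructed sample name with an embedded newline. */
	char out[COMM_LEN];
	size_t n = scrub_for_log(out, sizeof(out), "name\nline2");

	printf("Killed process %d (%s) [%zu scrubbed]\n", 1234, out, n);
	printf("collision: %d\n", scrubbed_collides("a\tb", "a\nb"));
	return 0;
}
```

The raw string is left untouched for comparisons; only the copy handed to the logger is altered.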