> Through get_task_comm() and many direct uses of task->comm in the kernel, > it is possible for escape codes and other non-printables to leak into > dmesg, syslog, etc. In the worst case, these strings could be used to > attack administrators using vulnerable terminal emulators, and at least > cause confusion through the injection of \r characters. If an administrator has a vulnerable terminal emulator they have other problems. > This patch sanitizes task->comm to only contain printable characters > when it is set. Additionally, it redefines get_task_comm so that it is > more obvious when misused by callers (presently nothing was incorrectly > calling get_task_comm's unsafe use of strncpy). This is a regression for tools that correctly handle unmutilated data. > + /* sanitize non-printable characters */ > + for (i = 0; buf[i] && i < (sizeof(tsk->comm) - 1); i++) { > + if (!isprint(buf[i])) > + tsk->comm[i] = '?'; The kernel "isprint" isn't adequate for this. comm is set by the shell based on argv[0] usually which means that in normal situations it is a UTF-8 string. Please do any filtering you must in the yama security module where it only affects that. One way to approach it without losing data within the module might be to use HTML style encoding within Yama so your own tools can undo the 'sanitizing' rather than losing information ? Ideally you want to the dev/inode pair of the thing being executed printed as well - that will give real information for security purposes, while the ->comm data is much more convenient for general debugging and investigation than having to keep looking them up. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html