On Tue, Jun 29, 2010 at 10:36:50AM +0100, Alan Cox wrote: > > Through get_task_comm() and many direct uses of task->comm in the kernel, > > it is possible for escape codes and other non-printables to leak into > > dmesg, syslog, etc. In the worst case, these strings could be used to > > attack administrators using vulnerable terminal emulators, and at least > > cause confusion through the injection of \r characters. > > If an administrator has a vulnerable terminal emulator they have other > problems. Totally agreed. > Please do any filtering you must in the yama security module where it > only affects that. One way to approach it without losing data within the > module might be to use HTML style encoding within Yama so your own tools > can undo the 'sanitizing' rather than losing information ? I'm not interested in sanitizing this in Yama. The use of task->comm via printk was seen as a flaw. I didn't agree (see above about terminal), and suggested that if it was a flaw, it was a flaw with printk or task->comm itself. Since "fixing" both of those have been vetoed, I have no more interest in the filtering. What I do have interest in is fixing get_task_comm's use of buffers, which is theoretically problematic in some future where someone accidentally calls it with a buffer smaller than sizeof(task->comm). I'll send a patch that only fixes that and leaves out the filtering. -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
