On 9/3/20 10:54 AM, Colin Cross wrote:
> On Thu, Sep 3, 2020 at 10:31 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>> I would prefer having strict validation of the input over escaping the
>> output, so to that end how about making close to "variable name" sane:
>> [-\.a-zA-Z0-9_ ] ?
>
> A quick skim of existing Android cases shows at least ":()" as well.
> I'm not sure what you mean by validation of the input - the input to
> the prctl is a userspace pointer, which is stored in the kernel for
> later reads. Storing the string in the kernel at prctl time would be
> infeasible. The kernel can only validate the value when producing
> /proc/pid/maps. It could replace disallowed characters with _ though.
>
>> if it should be wider than that, how about printable minus \n \r \f \v [ ] ?
>
> That would work fine for Android.

Looks like /proc/$pid/maps and smaps filter out \n (and probably more) for filenames. I created a file named "foo\nbar" then mmap'd it. Here's what I got:

> 01324000-7f1854634000 rw-s 00000000 00:30 9308668 /home/dave/foo\012bar

Can we leverage what we already do for filenames?