On Wed, Jun 26, 2019 at 09:16:44PM -0700, Kees Cook wrote: > Right -- any they're almost all logged surrounded by ' or " which means > those would need to be escaped as well. The prism2 is leaking newlines > too, as well as the thunderbolt sysfs printing. > > So... seems like we should fix this. :P ... > I think we need to make the default produce "loggable" output. > non-ascii, non-printables, \, ', and " need to be escaped. Maybe " " > too? OK, so I think the first step is to take a closer look at the users of the default %*pE. If there are any that look like they'd be broken by a change, we should make patches moving to something else, then we can change the default. Then we can also replace ESCAPE_ANY and ESCAPE_NP--that "don't escape printable" logic is confusing and makes it hard to add more types of escaping. And it appears to only be used by %*pE. --b
