Re: [PATCH for-next 6/7] RDMA/rtrs: Do not allow sessname to contain special symbols / and .

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Oct 1, 2021 at 4:56 PM Leon Romanovsky <leon@xxxxxxxxxx> wrote:
>
> On Fri, Oct 01, 2021 at 02:40:24PM +0200, Jinpu Wang wrote:
> > On Thu, Sep 30, 2021 at 9:53 AM Leon Romanovsky <leon@xxxxxxxxxx> wrote:
> > >
> > > On Thu, Sep 30, 2021 at 09:10:33AM +0200, Jinpu Wang wrote:
> > > > On Thu, Sep 30, 2021 at 9:01 AM Leon Romanovsky <leon@xxxxxxxxxx> wrote:
> > > > >
> > > > > On Thu, Sep 30, 2021 at 08:03:40AM +0200, Jinpu Wang wrote:
> > > > > > On Wed, Sep 29, 2021 at 2:04 PM Leon Romanovsky <leon@xxxxxxxxxx> wrote:
> > > > > > >
> > > > > > > On Wed, Sep 29, 2021 at 09:00:56AM +0200, Jack Wang wrote:
> > > > > > > > Leon Romanovsky <leon@xxxxxxxxxx> 于2021年9月28日周二 上午9:28写道:
> > > > > > > > >
> > > > > > > > > On Tue, Sep 28, 2021 at 09:08:26AM +0200, Jack Wang wrote:
> > > > > > > > > > Leon Romanovsky <leon@xxxxxxxxxx> 于2021年9月27日周一 下午2:23写道:
> > > > > > > > > > >
> > > > > > > > > > > On Wed, Sep 22, 2021 at 02:53:32PM +0200, Md Haris Iqbal wrote:
> > > > > > > > > > > > Allowing these characters in sessname can lead to unexpected results,
> > > > > > > > > > > > particularly because / is used as a separator between files in a path,
> > > > > > > > > > > > and . points to the current directory.
> > > > > > > > > > > >
> > > > > > > > > > > > Signed-off-by: Md Haris Iqbal <haris.iqbal@xxxxxxxxx>
> > > > > > > > > > > > Reviewed-by: Gioh Kim <gi-oh.kim@xxxxxxxxx>
> > > > > > > > > > > > Reviewed-by: Aleksei Marov <aleksei.marov@xxxxxxxxx>
> > > > > > > > > > > > ---
> > > > > > > > > > > >  drivers/infiniband/ulp/rtrs/rtrs-clt.c | 6 ++++++
> > > > > > > > > > > >  drivers/infiniband/ulp/rtrs/rtrs-srv.c | 5 +++++
> > > > > > > > > > > >  2 files changed, 11 insertions(+)
> > > > > > > > > > >
> > > > > > > > > > > It will be safer if you check for only allowed symbols and disallow
> > > > > > > > > > > everything else. Check for: a-Z, 0-9 and "-".
> > > > > > > > > > >
> > > > > > > > > > Hi Leon,
> > > > > > > > > >
> > > > > > > > > > Thanks for your suggestions.
> > > > > > > > > > The reasons we choose to do disallow only '/' and '.':
> > > > > > > > > > 1 more flexible, most UNIX filenames allow any 8-bit set, except '/' and null.
> > > > > > > > >
> > > > > > > > > So you need to add all possible protections and checks that VFS has to allow "random" name.
> > > > > > > > It's only about sysfs here, as we use sessname to create dir in sysfs,
> > > > > > > > and I checked the code, it allows any 8-bit set, and convert '/' to
> > > > > > > > '!', see https://elixir.bootlin.com/linux/latest/source/lib/kobject.c#L299
> > > > > > > > >
> > > > > > > > > > 2 matching for 2 characters is faster than checking all the allowed
> > > > > > > > > > symbols during session establishment.
> > > > > > > > >
> > > > > > > > > Extra CPU cycles won't make any difference here.
> > > > > > > > As we can have hundreds of sessions, in the end, it matters.
> > > > > > >
> > > > > > > Your rtrs_clt_open() function is far from being optimized for
> > > > > > > performance. It allocates memory, iterates over all paths, creates
> > > > > > > sysfs and kobject.
> > > > > > >
> > > > > > > So no, it doesn't matter here.
> > > > > > >
> > > > > > Let me reiterate, why do we want to further slow it down, what do you
> > > > > > anticipate if we only do the disallow approach
> > > > > > as we do it now?
> > > > >
> > > > > It is common practice to sanitize user input and explicitly allow known
> > > > > good input, instead of relying on deny of bad input. We don't know the
> > > > > future and can't be sure that "deny" is actually closed all holes.
> > > >
> > > > Thanks for the clarification, but still what kind of holes do you have
> > > > in mind, the input string length is already checked and it's
> > > > not duplicated with other sessname. and sysfs does allow all 8 bit set IIUC.
> > >
> > > As an example, symbols like "/" and "\".
> > "/" aside, we already disable it.
> > I did a test, there is no problem to use "\" as sysfs name.
>
> It say nothing about future.
>
> Please change your implementation to accept only valid
> symbols and improve connection performance in other places.
>
> Thanks
Sorry, I'm really not convinced, why should we only do allowing, not
disabling in this case?

Jason, what's your suggestion?

Thanks
>
> >
> > Thanks!
> > >
> > > >
> > > > Thanks!
> > > >
> > > > > Thanks




[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux