2011/4/16 Joshua Brindle <method@xxxxxxxxxxxxxxx>:
> Kohei KaiGai wrote:
>>
>> This patch allows to accept percent-encoded object name as the forth
>> argument of /selinux/create interface to avoid possible bugs when we
>> supply an object name that includes whitespace or multibytes.
>
> Why not use standard bash escaping instead of html entities?
>
Does bash has a way to escape multibyte characters safety?
Here are various number of multibyte encoding systems rather than unicode.
For example, Japanese has three major encoding; EUC, JIS and Shift-JIS.
If we try to use the code 0x5c ('\') as escape sequence, we may have
possible trouble on the Shift-JIS environment, because it contains several
characters that use 0x5c as second character.
The bad news is Shift-JIS was the default encoding system delivered from
MS-DOS, so it is still popular on Linux systems migrated from legacy ones. :-(
Of course, we have many language support, I don't know what side effects
may happen on a particular environment.
So, it seems to me the assumption of percentage-encoding is enough
conservative to deliver an object name from userspace to kernel.
Thanks,
>> Although I could not test this patch on named TYPE_TRANSITION rules,
>> but printk() messages for debugging seems to me the logic works correctly.
>> I assume the libselinux provide the logic to encode object name, so it
>> shall
>> be applied transparently for the viewpoint of application.
>>
>> Signed-off-by: KaiGai Kohei<kohei.kaigai@xxxxxxxxxx>
>> ---
>> security/selinux/selinuxfs.c | 38
>> +++++++++++++++++++++++++++++++++++++-
>> 1 files changed, 37 insertions(+), 1 deletions(-)
>>
>> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
>> index 973f5a4..4fde279 100644
>> --- a/security/selinux/selinuxfs.c
>> +++ b/security/selinux/selinuxfs.c
>> @@ -28,6 +28,7 @@
>> #include<linux/percpu.h>
>> #include<linux/audit.h>
>> #include<linux/uaccess.h>
>> +#include<linux/ctype.h>
>>
>> /* selinuxfs pseudo filesystem for exporting the security policy API.
>> Based on the proc code and the fs/nfsd/nfsctl.c code. */
>> @@ -750,6 +751,15 @@ out:
>> return length;
>> }
>>
>> +static inline int hexcode_to_int(int code)
>> +{
>> + if (code == '\0' || !isxdigit(code))
>> + return -1;
>> + if (isdigit(code))
>> + return code - '0';
>> + return tolower(code) - 'a' + 10;
>> +}
>> +
>> static ssize_t sel_write_create(struct file *file, char *buf, size_t
>> size)
>> {
>> char *scon = NULL, *tcon = NULL;
>> @@ -784,8 +794,34 @@ static ssize_t sel_write_create(struct file
>> *file, char *buf, size_t size)
>> nargs = sscanf(buf, "%s %s %hu %s", scon, tcon,&tclass, namebuf);
>> if (nargs< 3 || nargs> 4)
>> goto out;
>> - if (nargs == 4)
>> + if (nargs == 4) {
>> + /*
>> + * If and when the name of new object to be queried
>> contains
>> + * either whitespace or multibyte characters, they shall
>> be
>> + * encoded based on the percentage-encoding rule.
>> + * If not encoded, the sscanf logic picks up only
>> left-half
>> + * of the supplied name; splitted by a whitespace
>> unexpectedly.
>> + */
>> + char *r, *w;
>> + int c1, c2;
>> +
>> + r = w = namebuf;
>> + do {
>> + c1 = *r++;
>> + if (c1 == '+')
>> + c1 = ' ';
>> + else if (c1 == '%') {
>> + if ((c1 = hexcode_to_int(*r++))< 0)
>> + goto out;
>> + if ((c2 = hexcode_to_int(*r++))< 0)
>> + goto out;
>> + c1 = (c1<< 4) | c2;
>> + }
>> + *w++ = c1;
>> + } while (c1 != '\0');
>> +
>> objname = namebuf;
>> + }
>>
>> length = security_context_to_sid(scon, strlen(scon) + 1,&ssid);
>> if (length)
>
--
KaiGai Kohei <kaigai@xxxxxxxxxxxx>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
