> Interepreting arbitrary regexes configured by unpriv code in priv code > comes at some risk,. becose afair constructing them can come at O(2^n) > time, i.e. a rogue regex could make use consume unbounded time on > processing journal messages. > > Hence, I wouldn't hold your breath. Unless someone figures out a smart > way to deal with this it's unlikely to be supported. I am not sure about construction but checking for matches with arbitrary regexes can definitely result in DOS. Restricting the allowed features, however, alleviates this problem. E.g. the rust regex crate can check in O(m*n) with m = Regex Size and n = Input size. It does this by now allowing (amongst other things) no look-arounds or backrefs. I am not sure how configurable pcre2pattern is but maybe the supported features could be restricted for regexes from users. Nils
Re: Bump: Testing LogFilterPatterns= on user-level services
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Bump: Testing LogFilterPatterns= on user-level services
- From: Nils Kattenbeck <nilskemail@xxxxxxxxx>
- Date: Fri, 26 Jan 2024 13:01:33 +0100
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx, Farblos <akfkqu.9df7rp@xxxxxxxxxxxxxxx>
- In-reply-to: <ZbNpLCJOmEDMIVH8@gardel-login>
- References: <8d86259b-ed84-4c22-8e32-94c309acf356@vodafonemail.de> <ZbNpLCJOmEDMIVH8@gardel-login>
- References:
- Bump: Testing LogFilterPatterns= on user-level services
- From: Farblos
- Re: Bump: Testing LogFilterPatterns= on user-level services
- From: Lennart Poettering
- Bump: Testing LogFilterPatterns= on user-level services
- Prev by Date: Re: Delaying VM startup until block devices are available
- Next by Date: umount fails on system with huge (2TiB) buff/cache
- Previous by thread: Re: Bump: Testing LogFilterPatterns= on user-level services
- Next by thread: Re: Bump: Testing LogFilterPatterns= on user-level services
- Index(es):
 |