Re: [PATCH v2] kernel: escape non-ASCII and control characters inprintk()

From: Ingo Molnar
Date: Sun Jun 26 2011 - 06:39:56 EST

Next message: Ingo Molnar: "Re: [rfc patch] x86,apic: fix DEBUG_PREEMPT gripe when booting withthreadirqs=1"
Previous message: Ingo Molnar: "Re: [patch 00/16] CFS Bandwidth Control v7"
Next in thread: Vasiliy Kulikov: "Re: [PATCH v2] kernel: escape non-ASCII and control characters inprintk()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Vasiliy Kulikov <segoon@xxxxxxxxxxxx> wrote:

> This patch escapes control characters fed to printk() except '\n' and '\t'.
>
> There are numerous printk() instances with user supplied input as "%s"
> data, and unprivileged user may craft log messages with substrings
> containing control characters via these printk()s. Control characters
> might fool root viewing the logs via tty, e.g. using ^[1A to suppress
> the previous log line.
>
> On the testing Samsung Q310 laptop there are no users of chars outside
> of the restricted charset.
>
> v2 - Allow chars with code >127. Allow tabs.
>
> Reported-by: Solar Designer <solar@xxxxxxxxxxxx>
> Signed-off-by: Vasiliy Kulikov <segoon@xxxxxxxxxxxx>
> ---
> kernel/printk.c | 17 ++++++++++++++++-
> 1 files changed, 16 insertions(+), 1 deletions(-)
>
> ---
> diff --git a/kernel/printk.c b/kernel/printk.c
> index 3518539..727ff7d 100644
> --- a/kernel/printk.c
> +++ b/kernel/printk.c
> @@ -41,6 +41,7 @@
> #include <linux/cpu.h>
> #include <linux/notifier.h>
> #include <linux/rculist.h>
> +#include <linux/ctype.h>
>
> #include <asm/uaccess.h>
>
> @@ -671,6 +672,20 @@ static void emit_log_char(char c)
> logged_chars++;
> }
>
> +static void emit_log_char_escaped(char c)
> +{
> + char buffer[8];
> + int i, len;
> +
> + if (!iscntrl(c) || (c == '\n') || (c == '\t'))
> + emit_log_char(c);
> + else {
> + len = sprintf(buffer, "#x%02x", c);
> + for (i = 0; i < len; i++)
> + emit_log_char(buffer[i]);
> + }

Nit: please use balanced curly braces.

Also, i think it would be better to make this opt-out, i.e. exclude
the handful of control characters that are harmful (such as backline
and console escape), instead of trying to include the known-useful
ones.

The whole non-ASCII-languages issue would not have happened if such
an approach was taken.

It's also the better approach for the kernel: we handle known harmful
things and are permissive otherwise.

Thanks,

Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [rfc patch] x86,apic: fix DEBUG_PREEMPT gripe when booting withthreadirqs=1"
Previous message: Ingo Molnar: "Re: [patch 00/16] CFS Bandwidth Control v7"
Next in thread: Vasiliy Kulikov: "Re: [PATCH v2] kernel: escape non-ASCII and control characters inprintk()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]