From: Masahiro Yamada
Date: Wed, 21 Feb 2018 01:30:10 +0900
Subject: Re: [PATCH v2] kbuild: Don't source kernel config
To: Richard Weinberger
Cc: Linux Kernel Mailing List, Greg Kroah-Hartman, Kate Stewart, Nicholas Piggin, Kees Cook, Andrew Morton, david@sigma-star.at, kbuild-all@01.org, Sam Ravnborg, Arnaud Lacombe, Nick Bowler, Michal Marek, Nicolas Pitre, Rusty Russell

2018-02-21 1:16 GMT+09:00 Richard Weinberger:
> On Tuesday, 20 February 2018, 17:00:39 CET, Masahiro Yamada wrote:
>> 2018-02-21 0:25 GMT+09:00 Richard Weinberger:
>> > On Tuesday, 20 February 2018, 16:18:11 CET, Masahiro Yamada wrote:
>> >> 2018-02-19 18:22 GMT+09:00 Richard Weinberger:
>> >> > Don't source the kernel config file in shell scripts.
>> >> > The config file is not a shell script and often imported from untrusted
>> >> > sources.
>> >> > What could possibly go wrong? ;-)
>> >>
>> >> Please enumerate your real problems.
>> >
>> > Build a kernel where the .config contains something like:
>> > CONFIG_CMDLINE_BOOL=y
>> > CONFIG_CMDLINE="`echo hello > world`"
>>
>> Same for Makefile
>> if a string symbol is referenced from Makefile, like
>>
>> CONFIG_CROSS_COMPILE="$(shell echo hello > world)aarch64-linux-gnu-"
>
> Correct. But you forget that the .config file is often imported from untrusted
> sources. Like on LKML, "my kernel explodes, this is the .config".
> Jonny random Kernel developer then takes the .config and builds it...
>
>> > I'll send a v3 because I forgot to convert one function in the shell
>> > script to the new bash array. kbuild bot FTW. :-)
>>
>> You do not need to do so.
>
> Okay, let's wait until toxic .configs appear in the wild. ;-)
>
>> This patch is so ugly.
>> >> Also, changed shell scripts have '#!/bin/sh' shebang, >> but you are adding bash as a requirement. > > An alternate approach would be this: > diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c > index 5c12dc91ef34..ff0a7c62344b 100644 > --- a/scripts/kconfig/confdata.c > +++ b/scripts/kconfig/confdata.c > @@ -161,6 +161,13 @@ static int conf_set_sym_val(struct symbol *sym, int def, > int def_flags, char *p) > case S_STRING: > if (*p++ != '"') > break; > + > + p2 = strpbrk(p, "`$"); > + if (p2 && !(p2[0] == '$' && p2[1] != '(')) { > + conf_warning("string contains forbidden characters"); > + return 1; > + } > + > for (p2 = p; (p2 = strpbrk(p2, "\"\\")); p2++) { > if (*p2 == '"') { > *p2 = 0; > > That way the conf tool will sanitize the .config before shell scripts will > source it. This approach seems better. -- Best Regards Masahiro Yamada
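
Review bot: strpbrk(p, "`$") returns only the first backquote or dollar sign in the string, so the new test in the S_STRING case inspects a single character: when that first match is a '$' that is not followed by '(', the condition is false and any backquote or "$(" later in the same string is accepted unchecked. Walk every match instead, the way the escape loop directly below does with for (p2 = p; (p2 = strpbrk(p2, "\"\\")); p2++), and reject on the first backquote or "$(" found. The scan also runs before the closing quote has been located, so it covers whatever follows the string on that line; running it once the escape loop has terminated the string would limit it to the value itself.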
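
The idea in the subject line, reading a .config as data instead of sourcing it, as an added example that is not part of the original mail or of the kbuild scripts: a reader in plain POSIX sh, so it needs no bash arrays. The names config_get, write_sample_config and demo are hypothetical, and the sample .config is constructed from the two strings quoted in the thread.

```shell
#!/bin/sh
# Added example: read one symbol from a kernel .config as data, never as code.

# config_get FILE SYMBOL -> prints the value; status 1 if unset, 2 if bad name.
# The body runs in a subshell "( )" so its variables stay local in POSIX sh.
config_get() (
    file=$1 sym=$2
    # Accept only plain symbol names so SYMBOL cannot act as a regex.
    case $sym in
        ''|*[!A-Za-z0-9_]*) exit 2 ;;
    esac
    # Last assignment wins, matching what sourcing the file would have produced.
    line=$(grep "^${sym}=" "$file" | tail -n 1)
    [ -n "$line" ] || exit 1
    val=${line#*=}
    case $val in
        \"*\")
            # Strip the surrounding quotes, then undo \" and \\ escapes.
            val=${val#\"}; val=${val%\"}
            val=$(printf '%s\n' "$val" | sed 's/\\\(["\\]\)/\1/g')
            ;;
    esac
    printf '%s\n' "$val"
)

# Constructed sample input, using the two strings quoted in the thread.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_CMDLINE_BOOL=y
CONFIG_CMDLINE="`echo hello > world`"
CONFIG_CROSS_COMPILE="$(shell echo hello > world)aarch64-linux-gnu-"
# CONFIG_MODULES is not set
EOF
}

# demo: run in a scratch directory and show that nothing was executed.
demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    write_sample_config .config
    config_get .config CONFIG_CMDLINE
    [ -e world ] && echo "world was created" || echo "world was not created"
    cd / && rm -rf "$dir"
)

demo
```

The value comes back as the literal text between the quotes, so a caller that needs it in a command must still quote it and never pass it to eval.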