Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964962AbWBGECJ (ORCPT ); Mon, 6 Feb 2006 23:02:09 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S964969AbWBGECJ (ORCPT ); Mon, 6 Feb 2006 23:02:09 -0500 Received: from clix.aarnet.edu.au ([192.94.63.10]:56529 "EHLO clix.aarnet.edu.au") by vger.kernel.org with ESMTP id S964962AbWBGECI (ORCPT ); Mon, 6 Feb 2006 23:02:08 -0500 Message-ID: <43E81B66.5060502@aarnet.edu.au> Date: Tue, 07 Feb 2006 14:30:38 +1030 From: Glen Turner Organization: Australia's Academic & Research Network User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Russell King CC: Pavel Machek , Alan Cox , Kumar Gala , linux-kernel@vger.kernel.org Subject: Re: 8250 serial console fixes -- issue References: <1138844838.5557.17.camel@localhost.localdomain> <43E2B8D6.1070707@aarnet.edu.au> <20060203094042.GB30738@flint.arm.linux.org.uk> <20060206202654.GC2470@ucw.cz> <20060206205459.GB9388@flint.arm.linux.org.uk> In-Reply-To: <20060206205459.GB9388@flint.arm.linux.org.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-MDSA: Yes X-Spam-Score: -104.901 BAYES_00,USER_IN_WHITELIST Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1611 Lines: 41 [Noting that I know next-to-nothing about kernel programming, but I have been down this particular road before...] Russell King wrote: > Maybe flush_old_exec() should be a little more careful > about what it copies, changing non-alphanumeric characters > to '?' ? I'm not sure it can do that, if the kernel policy is to be 8-bit clean (to allow UTF-8 to work without coding UTF-8 knowledge into the kernel). What the code could do is not printk() user-influenced strings at all. For example, mm/oom_kill.c could print just the process ID here: printk(KERN_ERR "Out of Memory: Killed process %d (%s).\n", p->pid, p->comm); The usual solution to this problem is to mark user-derived strings as tainted and then check for the taint attribute when strings are requested to be output. But since this is a kernel I don't suppose you'd be keen doing that :-) I suppose you need a policy decision -- are strings scrubbed on input (I've coded this once and it is really quite tricky). And then do you need a scrubbed and non-scrubbed version of p->comm (as comparing scrubbed p->comm for equality is problematic and probably expolitable). Or do you simply not output strings which have been tainted by contact with users. -- Glen Turner Tel: (08) 8303 3936 or +61 8 8303 3936 Australia's Academic & Research Network www.aarnet.edu.au - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/