Received: by 2002:a05:6a10:83d0:0:0:0:0 with SMTP id o16csp41516pxh; Thu, 7 Apr 2022 13:22:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxAG/lMGKzdjxaXbOvKB9oUJ2mxnzmcuzDSD/gnSVAtTM+JCvwzuaWmvcUo9yceCKKSFZeH X-Received: by 2002:a63:6cca:0:b0:398:5811:6556 with SMTP id h193-20020a636cca000000b0039858116556mr12495437pgc.183.1649362968533; Thu, 07 Apr 2022 13:22:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649362968; cv=none; d=google.com; s=arc-20160816; b=ix1fDz0amc9Z4478BsDEwyiufjb6q4MEqjeb0UcpcsgdYpouUIBoOsn18t5Q4Djlkg H/mIiIHdXAStT1LnL1NfOIyXgR9Q22aWrTBTUG6H40fNkfbjqbhJwRa5MH0WvKZBVGAa V5FxIW3LUBdAt9NM/oMVQjiC/iRZWXwchjMcG0FSb4dSOn69hHVD3sSYdWIsC8AThBtC kIXKD+J3gWWbZ8FYyi8AREEYvjVlM6MIrSgneVk6uto6FJ/oWFDT9rBTGc3EwXs2fWTA rPc+u6wXDZgBwGFF7nnOQpgNftqgKTkLn5ihnLJai3muPZ6QSEl+11zGveXWqLHhX0Hf vXCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to :organization:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id; bh=TGjUCcEaNVvmbc6XAT0zXsdfo+X36LC8vxLE1cqsh/Y=; b=TM6K8qxvJGT6d2ii7eRQfSmmOHJShLANmPtZm3mzam/yp5Ux1pHg7FHY2O34lb24Dr RgPbsWi7rf+kg8UETKSFEr8w51iZl1UcNLg7zrLXg4IJAunVM7k/xw4j5cQp/VcaxrA5 SOPj1E4BYZ0DE66HoRRSH4s2AoAEC3ExyY+KG2DvRadj7kZ5xVyTIPu//EMgbZin4r+K KmWwgHMU+jq3wqVKYUPlDT/u38xwefcpItb609VUGBdNwNcyi7Fh9aLsk77xzy1KDnRI O4fdtrS/a5onsDgD+NxXntqAspUEIjgzT1ftL0zGnf+4UOl9q9tAUKlyai5x1lok8Y1D ZZeA== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id b5-20020a170902d50500b00154a965e488si686815plg.237.2022.04.07.13.22.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 07 Apr 2022 13:22:48 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 833013571D9; Thu, 7 Apr 2022 12:41:20 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231207AbiDGK62 (ORCPT + 99 others); Thu, 7 Apr 2022 06:58:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35120 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244674AbiDGK6Q (ORCPT ); Thu, 7 Apr 2022 06:58:16 -0400 Received: from smtp1-g21.free.fr (smtp1-g21.free.fr [212.27.42.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 316CA78FE8; Thu, 7 Apr 2022 03:56:14 -0700 (PDT) Received: from [IPV6:2a01:e35:39f2:1220:bf15:70c6:368e:e3ba] (unknown [IPv6:2a01:e35:39f2:1220:bf15:70c6:368e:e3ba]) by smtp1-g21.free.fr (Postfix) with ESMTPS id D1822B0057F; Thu, 7 Apr 2022 12:56:05 +0200 (CEST) Message-ID: <8a87957e-4d33-9351-ae74-243441cb03cd@opteya.com> Date: Thu, 7 Apr 2022 12:56:05 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Subject: Re: [PATCH] af_unix: Escape abstract unix socket address Content-Language: fr-FR To: Stephen Hemminger Cc: "David S . Miller" , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org References: <20220406102213.2020784-1-ydroneaud@opteya.com> <20220406145941.728b4cb5@hermes.local> From: Yann Droneaud Organization: OPTEYA In-Reply-To: <20220406145941.728b4cb5@hermes.local> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, Le 06/04/2022 à 23:59, Stephen Hemminger a écrit : > On Wed, 6 Apr 2022 12:22:13 +0200 > Yann Droneaud wrote: > >> Abstract unix socket address are bytes sequences up to >> 108 bytes (UNIX_PATH_MAX == sizeof(struct sockaddr_un) - >> offsetof(struct sockaddr_un, sun_path)). >> >> As with any random string of bytes, printing them in >> /proc/net/unix should be done with caution to prevent >> misbehavior. >> >> It would have been great to use seq_escape_mem() to escape >> the control characters in a reversible way. >> >> Unfortunately userspace might expect that NUL bytes are >> replaced with '@' characters as it's done currently. >> >> So this patch implements the following scheme: any control >> characters, including NUL, in the abstract unix socket >> addresses is replaced by '@' characters. >> >> Sadly, with such non reversible escape scheme, abstract >> addresses such as "\0\0", "\0\a", "\0\b", "\0\t", etc. >> will have the same representation: "@@". >> >> But will prevent "cat /proc/net/unix" from messing with >> terminal, and will prevent "\n" in abstract address from >> messing with parsing the list of Unix sockets. >> >> Signed-off-by: Yann Droneaud >> --- >> net/unix/af_unix.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c >> index e71a312faa1e..8021efd92301 100644 >> --- a/net/unix/af_unix.c >> +++ b/net/unix/af_unix.c >> @@ -3340,7 +3340,8 @@ static int unix_seq_show(struct seq_file *seq, void *v) >> i++; >> } >> for ( ; i < len; i++) >> - seq_putc(seq, u->addr->name->sun_path[i] ?: >> + seq_putc(seq, !iscntrl(u->addr->name->sun_path[i]) ? >> + u->addr->name->sun_path[i] : >> '@'); >> } >> unix_state_unlock(s); > Unfortunately, you will break userspace ABI with this. It's a wanted side effect. Consider the following program #include #include #include #include #include #define ADDRESS "\0\n0000000000000000: 00000003 00000000 00000000 0001 03 1234567890 /bin/true" int main(void) { static const struct sockaddr_un un = { .sun_family = AF_UNIX, .sun_path = ADDRESS, }; int s; s = socket(AF_UNIX, SOCK_STREAM, 0); if (s < 0) { perror("socket"); return 1; } if (bind(s, (const struct sockaddr *)&un, offsetof(struct sockaddr_un,sun_path) + sizeof(ADDRESS) - 1) < 0) { perror("bind"); return 1; } while (1) pause(); return 0; } This confuses - cat /proc/net/unix - netstat -x Only ss -xl doesn't take /bin/true as a Unix socket (but ss output is broken because it doesn't escape \n in unix addresses) Regards. -- Yann Droneaud OPTEYA