Date: Thu, 23 Jun 2011 14:44:21 -0700
From: Greg KH
To: Matthew Garrett
Cc: Vasiliy Kulikov, Andrew Morton, James Morris, Ingo Molnar, Namhyung Kim, kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, security@kernel.org
Subject: Re: [PATCH] kernel: escape non-ASCII and control characters in printk()

On Thu, Jun 23, 2011 at 02:36:05PM +0100, Matthew Garrett wrote:
> On Wed, Jun 22, 2011 at 08:37:42AM -0700, Greg KH wrote:
> > On Wed, Jun 22, 2011 at 01:53:41PM +0400, Vasiliy Kulikov wrote:
> > > This patch escapes all characters outside of allowed '\n' plus 0x20-0x7E
> > > charset passed to printk().
> > >
> > > There are numerous printk() instances with user supplied input as "%s"
> > > data, and unprivileged user may craft log messages with substrings
> > > containing control characters via these printk()s. Control characters
> > > might fool root viewing the logs via tty.
> >
> > There are "numerous" places this could happen?
>
> USB product identifiers?

That's one, sure, but the ability to overwrite something else that you
don't want someone to see based on plugging in a USB device is pretty
slim. If I can plug any type of USB device I want into the system, odds
are I just owned it anyway...

greg k-h
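The filtering described in the quoted patch summary (pass '\n' and 0x20-0x7E, escape everything else), written out as an added userspace example; it is not the patch under discussion or code from anyone in this thread. The function names, the `\xNN` escape form and the sample device string are assumptions of the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Allowed set as stated in the quoted patch summary: '\n' plus 0x20-0x7E. */
static int log_char_allowed(unsigned char c)
{
    return c == '\n' || (c >= 0x20 && c <= 0x7e);
}

/*
 * Copy len bytes of src into dst, replacing each disallowed byte with
 * "\xNN" (escape form assumed for this example). dst is always
 * NUL-terminated; output is truncated before an escape that would not
 * fit whole. Returns bytes written, excluding the NUL.
 * Caveat: '\\' is in the allowed range and passes through, so a reader
 * cannot tell an escaped byte from literal "\xNN" text in the input.
 */
size_t escape_log_msg(char *dst, size_t dstlen, const char *src, size_t len)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (dstlen == 0)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        size_t need = log_char_allowed(c) ? 1 : 4;

        if (o + need >= dstlen)         /* keep room for the NUL */
            break;
        if (need == 1) {
            dst[o++] = (char)c;
        } else {
            dst[o++] = '\\';
            dst[o++] = 'x';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0xf];
        }
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: product string carrying ESC[2K and a carriage return. */
    const char product[] = "Disk\x1b[2K\rusb 1-1: ok\n";
    char out[128];

    escape_log_msg(out, sizeof(out), product, sizeof(product) - 1);
    fputs(out, stdout);
    return 0;
}
```
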