Re: [PATCH] fs: create and use seq_show

To:	"J. R. Okajima" <hooanon05g@xxxxxxxxx>
Subject:	Re: [PATCH] fs: create and use seq_show_option for escaping
From:	Kees Cook <keescook@xxxxxxxxxxxx>
Date:	Sat, 8 Aug 2015 12:31:00 -0700
Cc:	Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, "Yan, Zheng" <zyan@xxxxxxxxxx>, Sage Weil <sage@xxxxxxxxxx>, Ilya Dryomov <idryomov@xxxxxxxxx>, Steve French <sfrench@xxxxxxxxx>, Jan Kara <jack@xxxxxxxx>, Andreas Dilger <adilger.kernel@xxxxxxxxx>, "Theodore Ts'o" <tytso@xxxxxxx>, Steven Whitehouse <swhiteho@xxxxxxxxxx>, Bob Peterson <rpeterso@xxxxxxxxxx>, Jeff Dike <jdike@xxxxxxxxxxx>, Richard Weinberger <richard@xxxxxx>, Mark Fasheh <mfasheh@xxxxxxxx>, Joel Becker <jlbec@xxxxxxxxxxxx>, Miklos Szeredi <miklos@xxxxxxxxxx>, Dave Chinner <david@xxxxxxxxxxxxx>, xfs@xxxxxxxxxxx, Tejun Heo <tj@xxxxxxxxxx>, Li Zefan <lizefan@xxxxxxxxxx>, Johannes Weiner <hannes@xxxxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, Paul Moore <paul@xxxxxxxxxxxxxx>, Stephen Smalley <sds@xxxxxxxxxxxxx>, Eric Paris <eparis@xxxxxxxxxxxxxx>, James Morris <james.l.morris@xxxxxxxxxx>, "Serge E. Hallyn" <serge@xxxxxxxxxx>, Jens Axboe <axboe@xxxxxx>, Fabian Frederick <fabf@xxxxxxxxx>, Christoph Hellwig <hch@xxxxxx>, Firo Yang <firogm@xxxxxxxxx>, David Howells <dhowells@xxxxxxxxxx>, Jiri Slaby <jslaby@xxxxxxx>, Al Viro <viro@xxxxxxxxxxxxxxxxxx>, Joe Perches <joe@xxxxxxxxxxx>, Steven Rostedt <rostedt@xxxxxxxxxxx>, "linux-fsdevel@xxxxxxxxxxxxxxx" <linux-fsdevel@xxxxxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>
Delivered-to:	xfs@xxxxxxxxxxx
Dkim-signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=pWDyH2ptYO9tlRNygaUYpTt2mzt88STvcxo/ALJCu/E=; b=G5hETnSFkBoUhCFEh1g8ZiyBODhGR2wyLTCjNP84+bE1zvkaDtR8LTAh16/bEDRi2a a9/6KzGASwrE1CB8IVgXzbl4ZaOuMKlVrbGKrwbPtm4TeFHFH0vSBOF9i0D0srRW5rSY 811VIK38DVRFlGDBCjru2sy5Fs5Dn5sNtjzx4wxbsPQVPwlMLPyIYT3MbCLPwNH21PNV XmKbk4NgljDLAhw5JI99vn6hV1tgAE6Du1nNfT8bDBBiFHaYy672b13Fsq9DgmGwvccL NPLTePT3dQsbRsCWY/xIFVcxByz4jhh49TwMj8gcvcRXt9Z+8jLT/X4597LW18jli7IS o8Gw==
Dkim-signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=pWDyH2ptYO9tlRNygaUYpTt2mzt88STvcxo/ALJCu/E=; b=QdhbwRtJhTD+Q38BHcK5KgltmDm4uevJWysj0TS/Xt2z1dJZceSU9REB0+g5KT/tYb hVPpuoILW/XGLsL2P8Kvh/DqFlvhPIU/+EsvhDg7cuWDzJ7CrmRB0r1YmUFR7sKZjZko hQSuP/dl66XqBd87TOOjxSEfKFD/MkDhX6kkc=
In-reply-to:	<8996.1439052115@jrobl>
References:	<20150807234150.GA11735@xxxxxxxxxxxxxxx> <8996.1439052115@jrobl>
Sender:	keescook@xxxxxxxxxx

On Sat, Aug 8, 2015 at 9:41 AM, J. R. Okajima <hooanon05g@xxxxxxxxx> wrote:
>
> Kees Cook:
>> This fixes the problem by adding new seq_show_option and seq_show_option_n
>> helpers, and updating the vulnerable show_option handlers to use them as
>> needed. Some, like SELinux, need to be open coded due to unusual existing
>> escape mechanisms.
>
> How about other ctrl chars such as CR or FF?
> I am using the similar function for many years, and it might be more
> generic because it supports all cntrl chars other than "\t\n\\" (see
> below).
>
> Many of other ctrl chars may not be necessary. But some people uses
> non-ASCII chars for their pathnames which may contain ESC or other
> chars. Any crazy chars can corrupt the output of /proc/mount and
> others. So it might be better to consider all ctrl chars.

While that's generally true, it's the consumers of mounts and
mountinfo that we need to worry about, and for those, it's only the
delimiters that we need to be concerned about (space, tab, newline,
and escapes).

However, since these consumers are expecting to deal with escapes, we
could, at any time, add new classes of characters to be escaped.

For this change, though, I wanted to keep it minimal for easiest backporting.

-Kees

-- 
Kees Cook
Chrome OS Security

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH] fs: create and use seq_show_option for escaping, Kees Cook Re: [PATCH] fs: create and use seq_show_option for escaping, Serge E. Hallyn Re: [PATCH] fs: create and use seq_show_option for escaping, J. R. Okajima Re: [PATCH] fs: create and use seq_show_option for escaping, Kees Cook <= Re: [PATCH] fs: create and use seq_show_option for escaping, Jan Kara Re: [PATCH] fs: create and use seq_show_option for escaping, Paul Moore

Previous by Date:	Re: [PATCH] fs: create and use seq_show_option for escaping, J. R. Okajima
Next by Date:	Re: why crc req on free-inobt & file-type-indir options?, Dave Chinner
Previous by Thread:	Re: [PATCH] fs: create and use seq_show_option for escaping, J. R. Okajima
Next by Thread:	Re: [PATCH] fs: create and use seq_show_option for escaping, Jan Kara
Indexes:	[Date] [Thread] [Top] [All Lists]

Re: [PATCH] fs: create and use seq_show_option for escaping