sanitize task->comm to avoid leaking escape codes
in [Kernel]
|
From: KOSAKI Motohiro on 29 Jun 2010 20:40 > > This patch sanitizes task->comm to only contain printable characters > > when it is set. Additionally, it redefines get_task_comm so that it is > > more obvious when misused by callers (presently nothing was incorrectly > > calling get_task_comm's unsafe use of strncpy). > > This is a regression for tools that correctly handle unmutilated data. > > > + /* sanitize non-printable characters */ > > + for (i = 0; buf[i] && i < (sizeof(tsk->comm) - 1); i++) { > > + if (!isprint(buf[i])) > > + tsk->comm[i] = '?'; > > The kernel "isprint" isn't adequate for this. comm is set by the shell > based on argv[0] usually which means that in normal situations it is a > UTF-8 string. Ah, I recall one use case. In past, some IBM folks talked about they want to map Java thread name to prctl(PR_SET_NAME). In such case, utf-8 name is very common. So, I agree with you. Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Alan Cox on 30 Jun 2010 05:20 > What I do have interest in is fixing get_task_comm's use of buffers, which > is theoretically problematic in some future where someone accidentally > calls it with a buffer smaller than sizeof(task->comm). Lots of things are theoretically problematic and kernel would take a week to boot if we covered them all 8) Having a struct task_name { char [propersize]; } would produce the same code as far as I can tell and so typechecking though - so as you say it can be done sanely. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
First
|
Prev
|
Pages: 1 2 3 4 5 6 Prev: scripts: checkpatch.pl Next: block: Don't count_vm_events for discard bio in submit_bio. |