Re: unsafe printk

From: Pavel Machek
Date: Fri Oct 17 2003 - 04:54:51 EST

Next message: David Woodhouse: "Re: Access MTD device from kernel module?"
Previous message: Torben Mathiasen: "Re: [RFT][PATCH] fix ServerWorks PIO auto-tuning"
In reply to: Albert Cahalan: "unsafe printk"
Next in thread: Albert Cahalan: "Re: unsafe printk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> Suppose I name an executable this:
> "\n<0>Oops: EIP=0"
>
> That comes out as a KERN_EMERG log message,
> hitting the console and maybe a pager even.
>
> There seem to be a number of places in the
> kernel that printk current->comm without
> concern for what it may contain.
>
> Escape codes and non-ASCII can make for some
> interesting log messages as well. Terminals
> may have some programmable keys or answerback
> messages. So one day root is using grep on
> the log files, and they program the answerback
> string to contain a "\r\nrm -r /\r\n"...

Or at least you can make his terminal pink ;-). Unfortunately same
problem is with userland programs; root does ps and his terminal goes
pink. Sanitizing kernel messages would be good start, but ps&friends
and ls&friends need to be sanitized, too.
Pavel

--
When do you have a heart between your knees?
[Johanka's followup: and *two* hearts?]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Woodhouse: "Re: Access MTD device from kernel module?"
Previous message: Torben Mathiasen: "Re: [RFT][PATCH] fix ServerWorks PIO auto-tuning"
In reply to: Albert Cahalan: "unsafe printk"
Next in thread: Albert Cahalan: "Re: unsafe printk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]