Re: [PATCH] fs: create and use seq_show_option for escaping
From: Kees Cook
Date: Sat Aug 08 2015 - 15:31:35 EST
On Sat, Aug 8, 2015 at 9:41 AM, J. R. Okajima <hooanon05g@xxxxxxxxx> wrote:
> Kees Cook:
>> This fixes the problem by adding new seq_show_option and seq_show_option_n
>> helpers, and updating the vulnerable show_option handlers to use them as
>> needed. Some, like SELinux, need to be open coded due to unusual existing
>> escape mechanisms.
> How about other ctrl chars such as CR or FF?
> I am using the similar function for many years, and it might be more
> generic because it supports all cntrl chars other than "\t\n\\" (see
> Many of other ctrl chars may not be necessary. But some people uses
> non-ASCII chars for their pathnames which may contain ESC or other
> chars. Any crazy chars can corrupt the output of /proc/mount and
> others. So it might be better to consider all ctrl chars.
While that's generally true, it's the consumers of mounts and
mountinfo that we need to worry about, and for those, it's only the
delimiters that we need to be concerned about (space, tab, newline,
However, since these consumers are expecting to deal with escapes, we
could, at any time, add new classes of characters to be escaped.
For this change, though, I wanted to keep it minimal for easiest backporting.
Chrome OS Security
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/