Re: [PATCH] printk: fix printk.devkmsg sysctl

[Borislav Petkov]

On Mon, Jan 30, 2017 at 02:38:03PM +0100, Petr Mladek wrote:
> We must not access userspace pointer directly. One solution would be
> to use get_user().

Good point.

> But a better solution might be to check also the trailing '\0' in
> __control_devkmsg, see below. I has several advantages:
> 
>    + we will never assign "invalid" value to @devkmsg_log and
>      do not need to revert it. Only devkmsg_log_str must be
>      reverted.
> 
>    + __control_devkmsg() do not need to return the length of the
>      string. We could simply check the error code.
> 
>    * the err variable will have the same meaning for both
>      __control_devkmsg() and proc_dostring().
>

Sounds good to me.

> Note that
> 
>    echo "ratelimitXXXXXX" >/proc/sys/kernel/printk_devkmsg
> 
> succeeds because the copied string is limited by DEVKMSG_STR_MAX_SIZE.
> We would need to add at least one byte to be able to detect an error
> but I am not sure if it is worth it.

So my reasoning here was to allow only '<str>' or '<str>\n' - where
<str> is one of the three accepted settings and fail everything else.
That's why I did return the strlen.

Accepting

$ echo "ratelimitXXXXXX" > ...

looks strange to me and silly and misleading and...

IOW, I'd like the user to know what she does and mean it. No sloppy
inputs.

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix ImendÃrffer, Jane Smithard, Graham Norton, HRB 21284 (AG NÃrnberg)
--