Re: [PATCH 2/3] irqchip: Fix a potential abuse of seq_printf() format string

From: Thomas Gleixner
Date: Tue Dec 03 2024 - 06:22:55 EST

Next message: AngeloGioacchino Del Regno: "Re: [PATCH v2 04/18] arm64: dts: mediatek: mt7988: add lvts node"
Previous message: Peter Griffin: "Re: [PATCH 1/4] power: supply: add support for max77759 fuel gauge"
Next in thread: David Wang: "Re: [PATCH 2/3] irqchip: Fix a potential abuse of seq_printf() format string"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 20 2024 at 17:17, David Wang wrote:
> Using device name as format string of seq_printf() is prone to
> "Format string attack", opens possibility for exploitation.
> Seq_puts() is safer and more efficient.

I agree that seq_puts() is more efficient, but this whole handwaving
about format string attacks is far fetched.

These strings originate from device tree or generated device/domain
names. If they contain format strings, then that's either a plain bug in
the kernel or the device tree, but far from a 'format string attack'.

Thanks,

tglx

Next message: AngeloGioacchino Del Regno: "Re: [PATCH v2 04/18] arm64: dts: mediatek: mt7988: add lvts node"
Previous message: Peter Griffin: "Re: [PATCH 1/4] power: supply: add support for max77759 fuel gauge"
Next in thread: David Wang: "Re: [PATCH 2/3] irqchip: Fix a potential abuse of seq_printf() format string"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]