Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
I think the people saying "you shouldn't cat your dmesg" are being idiotic.
Sanitizing log file output
Posted Jul 6, 2011 12:23 UTC (Wed) by dsommers (subscriber, #55274)
Posted Jul 6, 2011 12:39 UTC (Wed) by malor (subscriber, #2973)
Posted Jul 6, 2011 13:49 UTC (Wed) by nix (subscriber, #2304)
It could do it if its stdout isatty() I suppose, but that has so many holes it's nearly not worth it for a security thing (ls(1) uses this to tell how many columns to use, and note how easy it is to get it to switch to one-column mode accidentally).
Posted Jul 6, 2011 15:15 UTC (Wed) by malor (subscriber, #2973)
As you say, it kind of breaks the whole idea of cat, which is to take a stream of bytes from somewhere and echo it to stdout, without changing it. Cat's useful in a zillion different places, and if that filtering code got triggered by accident, it'd make a hell of a mess.
Cat is simple and reliable code, and adding in all that complexity to sanitize something that should have been sanitized in the first place is fundamentally a broken idea. And what about all the other (hundreds?) of programs that might touch dmesg and send it to the console?
In my view, 'don't use cat for dmesg' isn't reasonable. The devs making this argument are saying that the most fundamental Unix tool for echoing text to a screen, is not suitable for echoing text to a screen.
Posted Jul 7, 2011 16:59 UTC (Thu) by dgm (subscriber, #49227)
It's not the kernel's responsibility to know that some data is dangerous to the program you use to display it. "Sane data" is something that's completely different if you are using a VT-100 or a web browser. Trying to force this kind of policy where it doesn't belong is clearly shortsighted.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds