|| ||Ingo Molnar <mingo-AT-elte.hu> |
|| ||Vasiliy Kulikov <segoon-AT-openwall.com> |
|| ||Re: [PATCH v2] kernel: escape non-ASCII and control characters in
|| ||Fri, 1 Jul 2011 14:12:02 +0200|
|| ||Andrew Morton <akpm-AT-linux-foundation.org>,
James Morris <jmorris-AT-namei.org>,
Namhyung Kim <namhyung-AT-gmail.com>,
Greg Kroah-Hartman <gregkh-AT-suse.de>,
Alan Cox <alan-AT-lxorguk.ukuu.org.uk>,
Linus Torvalds <torvalds-AT-linux-foundation.org>|
|| ||Article, Thread
* Vasiliy Kulikov <firstname.lastname@example.org> wrote:
> On Mon, Jun 27, 2011 at 00:01 +0200, Ingo Molnar wrote:
> > * Vasiliy Kulikov <email@example.com> wrote:
> > > On Sun, Jun 26, 2011 at 21:46 +0200, Ingo Molnar wrote:
> > > > No, because the problems such a mistake causes are not equivalent: it
> > > > would have been far more harmful to not print out the *very real*
> > > > product names written in some non-US language than to accidentally
> > > > include some control character you did not think of.
> > >
> > > ???
> > >
> > > Not "not print", but print in "crypted" form. The information
> > > is still not lost, you can obviously restore it to the original
> > > form, with some effort, but possible. Compare it with the harm
> > > of log spoofing - it is not "restorable".
> > The harm of 'potential' log spoofing affecting exactly zero known
> > users right now,
> A potential thing affects all users that *can be* affected by
> actual log spoofing. This is what the word "potential" means.
Yes, but there's a world of a difference between alleged harm and
actual demonstrated harm.
That is a not so fine distinction that is often missed in security
So what i asked for before and what i ask for here is to protect
against real, specific harm. If we just 'protect' against things that
look dangerous it's easy to over-protect and cause colletaral damage.
(like the UTF-8 details the v1 patch missed)
> Analogy: if some privilege escalation bug is found in some very
> core code then all users iteracting with an untrusted security
> domains (local users, network, etc.) being able to exploit it would
> be affected. It is silly to say that nobody is affected because you
> just don't know any such cases of this bug exploitation in the
That analogy does not hold. If a security hole is obvious at first
sight then we'll indeed fix it without waiting for someone to be
But here the actual 'harm' is a lot less clear and what i'm trying to
steer you towards is to be more fact-based and less belief-based. The
only 'harm' that got demonstrated so far was collateral damage caused
by the v1 patch ...
to post comments)