User: Password:
Subscribe / Log in / New account

Sanitizing log file output

Sanitizing log file output

Posted Jul 6, 2011 12:23 UTC (Wed) by dsommers (subscriber, #55274)
In reply to: Sanitizing log file output by malor
Parent article: Sanitizing log file output

I won't call anyone idiots, as I firmly believe that even the dmesg and cat user-space binaries should also do some kind of sanitation of the data it processes. But that sanitation needs to be done according to those programs needs and requirements. Hence, dmesg can most likely be much more stricter to what it passes on further, than cat.

(Log in to post comments)

Sanitizing log file output

Posted Jul 6, 2011 12:39 UTC (Wed) by malor (guest, #2973) [Link]

Well, sure, but it just makes sense to do it properly at the source. Security works best in layers. *Everyone* should fix the problem, both in kernel and in userspace. Saying "you shouldn't do that" is inadequate, when pretty much everyone in the entire world is doing that.

Sanitizing log file output

Posted Jul 6, 2011 13:49 UTC (Wed) by nix (subscriber, #2304) [Link]

cat cannot possibly do sanitization by default. A major use is in pipelines, in which it is sometimes used to stream all sorts of arbitrary binary data to other processes which never send it to the screen at all.

It could do it if its stdout isatty() I suppose, but that has so many holes it's nearly not worth it for a security thing (ls(1) uses this to tell how many columns to use, and note how easy it is to get it to switch to one-column mode accidentally).

Sanitizing log file output

Posted Jul 6, 2011 15:15 UTC (Wed) by malor (guest, #2973) [Link]

I'd actually hit on that in my prior comment, and then felt I was probably digressing a bit too much, and deleted that paragraph. Just as well, because you were more specific anyway.

As you say, it kind of breaks the whole idea of cat, which is to take a stream of bytes from somewhere and echo it to stdout, without changing it. Cat's useful in a zillion different places, and if that filtering code got triggered by accident, it'd make a hell of a mess.

Cat is simple and reliable code, and adding in all that complexity to sanitize something that should have been sanitized in the first place is fundamentally a broken idea. And what about all the other (hundreds?) of programs that might touch dmesg and send it to the console?

In my view, 'don't use cat for dmesg' isn't reasonable. The devs making this argument are saying that the most fundamental Unix tool for echoing text to a screen, is not suitable for echoing text to a screen.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds