Re: [PATCH v9 2/3] mm: add a field to store names for private anonymous memory
From: Kees Cook <hidden>
Date: 2021-09-03 22:28:34
Also in:
linux-fsdevel, linux-mm, lkml
On Fri, Sep 03, 2021 at 02:56:21PM -0700, Suren Baghdasaryan wrote:
On Fri, Sep 3, 2021 at 2:47 PM Kees Cook [off-list ref] wrote:quoted
(Sorry, a few more things jumped out at me when I looked again...) On Thu, Sep 02, 2021 at 04:18:12PM -0700, Suren Baghdasaryan wrote:quoted
[...]diff --git a/kernel/sys.c b/kernel/sys.c index 72c7639e3c98..25118902a376 100644 --- a/kernel/sys.c +++ b/kernel/sys.c@@ -2299,6 +2299,64 @@ int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) +#ifdef CONFIG_MMU + +#define ANON_VMA_NAME_MAX_LEN 256 + +static inline bool is_valid_name_char(char ch) +{ + /* printable ascii characters, except [ \ ] */ + return (ch > 0x1f && ch < 0x5b) || (ch > 0x5d && ch < 0x7f); +}In the back of my mind, I feel like disallowing backtick would be nice, but then if $, (, and ) are allowed, it doesn't matter, and that seems too limiting. :)It's not used by the only current user (Android) and we can always allow more chars later. However going the other direction and disallowing some of them I think would be harder (need to make sure nobody uses them). WDYT if we keep it stricter and relax if needed?
I'd say, if we can also drop each of: ` $ ( ) then let's do it. Better to keep the obvious shell meta-characters out of this, although I don't feel strongly about it. Anything that might get confused by this would be similarly confused by binary names too: $ cat /proc/3407216/maps 560bdafd4000-560bdafd6000 r--p 00000000 fd:02 2621909 /tmp/yay`wat And it's probably easier to change a binary name than to call prctl. :P I'm good either way. What you have now is great, but if we wanted to be extra extra strict, we can add the other 4 above. -- Kees Cook