On Mon, Jan 30, 2017 at 02:38:03PM +0100, Petr Mladek wrote:
> We must not access userspace pointer directly. One solution would be
> to use get_user().
Good point.
> But a better solution might be to check also the trailing '\0' in
> __control_devkmsg, see below. I has several advantages:
>
> + we will never assign "invalid" value to @devkmsg_log and
> do not need to revert it. Only devkmsg_log_str must be
> reverted.
>
> + __control_devkmsg() do not need to return the length of the
> string. We could simply check the error code.
>
> * the err variable will have the same meaning for both
> __control_devkmsg() and proc_dostring().
>
Sounds good to me.
> Note that
>
> echo "ratelimitXXXXXX" >/proc/sys/kernel/printk_devkmsg
>
> succeeds because the copied string is limited by DEVKMSG_STR_MAX_SIZE.
> We would need to add at least one byte to be able to detect an error
> but I am not sure if it is worth it.
So my reasoning here was to allow only '<str>' or '<str>\n' - where
<str> is one of the three accepted settings and fail everything else.
That's why I did return the strlen.
Accepting
$ echo "ratelimitXXXXXX" > ...
looks strange to me and silly and misleading and...
IOW, I'd like the user to know what she does and mean it. No sloppy
inputs.
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284
(AG Nürnberg)
--
