Re: [PATCH] vfs: hard-ban creating files with control characters in the name

From: Alan Cox
Date: Thu Oct 05 2017 - 09:47:20 EST

Next message: Thomas Gleixner: "Re: [PATCH] RDMA/nes: Convert timers to use timer_setup()"
Previous message: Srinivasan Shanmugam: "[PATCH] Staging: rtl8723bs: core: rtw_recv: fix parenthesis alignment warning in validate_recv_mgnt_frame()"
In reply to: Theodore Ts'o: "Re: [PATCH] vfs: hard-ban creating files with control characters in the name"
Next in thread: Alexey Dobriyan: "Re: [PATCH] vfs: hard-ban creating files with control characters in the name"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> For malformed Unicode or such, it'd make sense, yeah.

Not really. It's legitimate to have bad unicode in a directory, or have a
file system where some users are still in 8bit Russian encoding and some
are unicode for example.

The fix for this has always been the same - don't use shell script and
similar things (php for example) where incorrect quoting causes you to
execute random attacker code.

As most of the waya to attack a shell script are printable symbols like
$, ; ` and * you aren't going to save anyone by adding hacks to the VFS.

Alan

Next message: Thomas Gleixner: "Re: [PATCH] RDMA/nes: Convert timers to use timer_setup()"
Previous message: Srinivasan Shanmugam: "[PATCH] Staging: rtl8723bs: core: rtw_recv: fix parenthesis alignment warning in validate_recv_mgnt_frame()"
In reply to: Theodore Ts'o: "Re: [PATCH] vfs: hard-ban creating files with control characters in the name"
Next in thread: Alexey Dobriyan: "Re: [PATCH] vfs: hard-ban creating files with control characters in the name"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]