Date:      Wed, 13 Dec 2000 08:25:37 +0000 (GMT)
From:      Terry Lambert <tlambert@primenet.com>
To:        kris@citusc.usc.edu
Cc:        des@ofug.org (Dag-Erling Smorgrav), arch@FreeBSD.ORG
Subject:   Re: Safe string formatting in the kernel
Message-ID:  <200012130825.BAA26231@usr08.primenet.com>
In-Reply-To: <20001211185610.A1741@citusc.usc.edu> from "kris@citusc.usc.edu" at Dec 11, 2000 06:56:10 PM

> > I've implemented a set of functions for performing safe string
> > formatting in the kernel, based on an initial idea (and design) by
> > Poul-Henning. There's a patch up on freefall:
> 
> I haven't reviewed this implementation, but introducing a secure
> string handling API into the kernel has my support as security
> officer. The current abuse of sprintf() in the kernel is really,
> really scary.

FWIW, Linux doesn't have the equivalent of a copyinstr() or other
string manipulation.  The only place that Linux copies strings in
or out is in their path manipulation for file names (unless you
count symbol resolution via module loading).

I've been a fan of this approach, ever since I fixed a memory
leak in the failure path (submitted via Matt Day in 1997).  It
is much more robust; I've been troubled by the mount option
cruft in BSD, and the more string stuff goes into the kernel,
the less happy I become with it.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
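The two pieces the thread keeps coming back to, a copyinstr()-style bounded
copy with an explicit "did not fit" result and a formatting routine that can
never run past its buffer, as an added user-space example written for this
page. It is not the patch under discussion (which is not reproduced here) and
not FreeBSD's own code; `strbuf`, `strbuf_printf`, `copyinstr_model` and
`format_mount_line` are hypothetical names chosen for the illustration, and the
16-byte buffer and paths are constructed inputs.

```c
#include <errno.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded, overflow-recording string builder (illustration only). */
struct strbuf {
	char   *buf;
	size_t  cap;        /* total bytes available, including the NUL */
	size_t  len;        /* bytes used so far, excluding the NUL */
	int     overflowed; /* set once any append did not fit; never cleared */
};

static void
strbuf_init(struct strbuf *sb, char *storage, size_t cap)
{
	sb->buf = storage;
	sb->cap = cap;
	sb->len = 0;
	sb->overflowed = 0;
	if (cap > 0)
		storage[0] = '\0';
}

/*
 * Append formatted text.  Unlike sprintf(3) this can never write past
 * sb->cap: vsnprintf(3) gets exactly the remaining room, and a result that
 * would not fit leaves a truncated, NUL-terminated string and sets the
 * overflow flag.  Returns 0 if everything fit, -1 otherwise.
 */
static int
strbuf_printf(struct strbuf *sb, const char *fmt, ...)
{
	va_list ap;
	size_t room;
	int n;

	if (sb->cap == 0) {
		sb->overflowed = 1;
		return (-1);
	}
	room = sb->cap - sb->len;	/* includes the byte for the NUL */
	va_start(ap, fmt);
	n = vsnprintf(sb->buf + sb->len, room, fmt, ap);
	va_end(ap);
	if (n < 0 || (size_t)n >= room) {
		sb->overflowed = 1;
		sb->len = sb->cap - 1;
		sb->buf[sb->len] = '\0';	/* keep the buffer terminated */
		return (-1);
	}
	sb->len += (size_t)n;
	return (0);
}

/*
 * Model of the copyinstr(9) contract: copy a NUL-terminated string into a
 * fixed-size buffer of 'len' bytes.  Success returns 0 and stores the byte
 * count including the NUL in *done; a string that does not terminate within
 * 'len' bytes returns ENAMETOOLONG and dst must not be used.  The real
 * routine reads from user space and also returns EFAULT on an unmapped
 * address; a plain pointer stands in for that here.
 */
static int
copyinstr_model(const char *src, char *dst, size_t len, size_t *done)
{
	size_t i;

	for (i = 0; i < len; i++) {
		dst[i] = src[i];
		if (src[i] == '\0') {
			if (done != NULL)
				*done = i + 1;
			return (0);
		}
	}
	if (done != NULL)
		*done = len;
	return (ENAMETOOLONG);
}

/*
 * Build a mount-option style line into a caller-supplied buffer of 'cap'
 * bytes.  Returns 0 if the whole line fit, -1 if it was truncated; the
 * buffer is NUL-terminated either way, so a caller that ignores the return
 * value still cannot read past the end.
 */
static int
format_mount_line(char *out, size_t cap, const char *fstype, const char *path)
{
	struct strbuf sb;

	strbuf_init(&sb, out, cap);
	strbuf_printf(&sb, "type=%s", fstype);
	strbuf_printf(&sb, ",path=%s", path);
	return (sb.overflowed ? -1 : 0);
}

int
main(void)
{
	char line[16], kbuf[8];	/* constructed, deliberately small buffers */
	size_t done;
	int rc;

	rc = format_mount_line(line, sizeof(line), "ufs", "/usr/local/share");
	printf("rc=%d line=\"%s\" (%zu of %zu bytes)\n",
	    rc, line, strlen(line), sizeof(line));
	rc = copyinstr_model("/usr/local/bin", kbuf, sizeof(kbuf), &done);
	printf("copyinstr rc=%d (%s) done=%zu\n",
	    rc, rc == ENAMETOOLONG ? "ENAMETOOLONG" : "ok", done);
	return (0);
}
```

The design point is that both routines report "did not fit" as a value the
caller must look at, rather than silently writing past the end the way a bare
sprintf() into a fixed array does; the overflow flag is sticky so that a
sequence of appends can be checked once at the end.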

