Bug 206761 - escape codes in network interface names causes chaos
Summary: escape codes in network interface names causes chaos
Status: NEW
Alias: None
Product: Networking
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: Stephen Hemminger
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-05 10:42 UTC by George Shuklin
Modified: 2020-03-09 12:10 UTC (History)
0 users

See Also:
Kernel Version: 5.6
Subsystem:
Regression: No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description George Shuklin 2020-03-05 10:42:39 UTC 
netlink permits creation of interfaces with escape codes. Suck names can trick root by drawing at random places in terminal.


Minimal proof of concept:


echo -e '\x1B[2J'|xargs -I I ip link add I type dummy
ip l


(rollback): echo -e '\x1B[2J'|xargs -I I ip link del I
Comment 1 Stephen Hemminger 2020-03-05 16:05:47 UTC 
On Thu, 05 Mar 2020 10:42:39 +0000
bugzilla-daemon@bugzilla.kernel.org wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=206761
> 
>             Bug ID: 206761
>            Summary: escape codes in network interface names causes chaos
>            Product: Networking
>            Version: 2.5
>     Kernel Version: 5.6
>           Hardware: All
>                 OS: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: Other
>           Assignee: stephen@networkplumber.org
>           Reporter: george.shuklin@gmail.com
>         Regression: No
> 
> netlink permits creation of interfaces with escape codes. Suck names can
> trick
> root by drawing at random places in terminal.
> 
> 
> Minimal proof of concept:
> 
> 
> echo -e '\x1B[2J'|xargs -I I ip link add I type dummy
> ip l
> 
> 
> (rollback): echo -e '\x1B[2J'|xargs -I I ip link del I
> 

My opinion is that this is not a problem that can be addressed without breaking kernel ABI.
Comment 2 George Shuklin 2020-03-05 16:10:03 UTC 
Currently kernel rejects interface names with spaces

Adding ESC into 'forbidden character list' shouldn't break anything (sane), should it?
Comment 3 Stephen Hemminger 2020-03-05 16:17:52 UTC 
On Thu, 05 Mar 2020 16:10:03 +0000
bugzilla-daemon@bugzilla.kernel.org wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=206761
> 
> --- Comment #2 from George Shuklin (george.shuklin@gmail.com) ---
> Currently kernel rejects interface names with spaces
> 
> Adding ESC into 'forbidden character list' shouldn't break anything (sane),
> should it?
> 

How would this work with UTF-8?
Comment 4 George Shuklin 2020-03-06 12:44:22 UTC 
Fix for escape code would not prevent use of UTF-8. It just protect against console codes messing up with console.

Having seen poop emoji instead of the interface name is odd, but it's not critical. Messing up the operators console is. The problem with console codes is that they can control terminal on a different machine (the interface is on one machine, the operators console is on other).
Comment 5 George Shuklin 2020-03-06 13:23:47 UTC 
One more consideration.

I found that renaming a physical interface (ethernet or wifi) causes this thing completely mess the kernel log, both in 'dmesg' output and in console output.

Now my dmesg looks like this:






               : Limiting TX power to 23 (23 - 0) dBm as advertised by 38:ff:36:3b:6f:4c

(nothing before this line).
Comment 6 Stephen Hemminger 2020-03-06 22:27:46 UTC 
What about (weird) users who put color codes on device names.
In general Linux does not restrict names of files or devices.
Comment 7 George Shuklin 2020-03-09 12:10:40 UTC 
But it does restrict device naming. You can put spaces in file name, but you can't put spaces in ifaces names. I don't understand why SPACE is not allowed, but ESC (which may cause much more havoc) is.
Note You need to log in before you can comment on or make changes to this bug.