From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751418AbdJENrR (ORCPT ); Thu, 5 Oct 2017 09:47:17 -0400 Received: from www.llwyncelyn.cymru ([82.70.14.225]:41228 "EHLO fuzix.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751280AbdJENrQ (ORCPT ); Thu, 5 Oct 2017 09:47:16 -0400 Date: Thu, 5 Oct 2017 14:47:03 +0100 From: Alan Cox To: Adam Borowski Cc: "Theodore Ts'o" , Al Viro , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] vfs: hard-ban creating files with control characters in the name Message-ID: <20171005144703.16725c02@alans-desktop> In-Reply-To: <20171003173215.axcwmd4ynmvgkyym@angband.pl> References: <20171003005042.16470-1-kilobyte@angband.pl> <20171003020724.GH21978@ZenIV.linux.org.uk> <20171003164012.r4qnn5cr5kzmnft6@thunk.org> <20171003173215.axcwmd4ynmvgkyym@angband.pl> Organization: Intel Corporation X-Mailer: Claws Mail 3.14.1 (GTK+ 2.24.31; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > For malformed Unicode or such, it'd make sense, yeah. Not really. It's legitimate to have bad unicode in a directory, or have a file system where some users are still in 8bit Russian encoding and some are unicode for example. The fix for this has always been the same - don't use shell script and similar things (php for example) where incorrect quoting causes you to execute random attacker code. As most of the waya to attack a shell script are printable symbols like $, ; ` and * you aren't going to save anyone by adding hacks to the VFS. Alan