[linu-next] samples/bpf: use absolute path for dd

Message ID	20220922090231.236152-1-xu.panda@zte.com.cn (mailing list archive)
State	Rejected
Delegated to:	BPF
Headers	show Return-Path: <bpf-owner@kernel.org> From: cgel.zte@gmail.com To: ast@kernel.org Cc: daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Xu Panda <xu.panda@zte.com.cn>, Zeal Robot <zealci@zte.com.cn> Subject: [PATCH linu-next] samples/bpf: use absolute path for dd Date: Thu, 22 Sep 2022 09:02:31 +0000 Message-Id: <20220922090231.236152-1-xu.panda@zte.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[linu-next] samples/bpf: use absolute path for dd \| expand [linu-next] samples/bpf: use absolute path for dd

Message ID

20220922090231.236152-1-xu.panda@zte.com.cn (mailing list archive)

State

Rejected

Delegated to:

BPF

Headers

From: cgel.zte@gmail.com
To: ast@kernel.org
Cc: daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev,
        song@kernel.org, yhs@fb.com, john.fastabend@gmail.com,
        kpsingh@kernel.org, sdf@google.com, haoluo@google.com,
        jolsa@kernel.org, bpf@vger.kernel.org,
        linux-kernel@vger.kernel.org, Xu Panda <xu.panda@zte.com.cn>,
        Zeal Robot <zealci@zte.com.cn>
Subject: [PATCH linu-next] samples/bpf: use absolute path for dd
Date: Thu, 22 Sep 2022 09:02:31 +0000
Message-Id: <20220922090231.236152-1-xu.panda@zte.com.cn>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[linu-next] samples/bpf: use absolute path for dd | expand

Context	Check	Description
bpf/vmtest-bpf-PR	fail	merge-conflict
netdev/tree_selection	success	Not a local patch

Context

Check

Description

bpf/vmtest-bpf-PR

fail

merge-conflict

netdev/tree_selection

success

Not a local patch

Commit Message

CGEL Sept. 22, 2022, 9:02 a.m. UTC

From: Xu Panda <xu.panda@zte.com.cn>

Not using absolute path when invoking dd can lead to serious security
issues.

Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Xu Panda <xu.panda@zte.com.cn>
---
 samples/bpf/trace_event_user.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Greg KH Sept. 22, 2022, 10:08 a.m. UTC | #1

On Thu, Sep 22, 2022 at 09:02:31AM +0000, cgel.zte@gmail.com wrote:
> From: Xu Panda <xu.panda@zte.com.cn>
> 
> Not using absolute path when invoking dd can lead to serious security
> issues.
> 
> Reported-by: Zeal Robot <zealci@zte.com.cn>
> Signed-off-by: Xu Panda <xu.panda@zte.com.cn>
> ---
>  samples/bpf/trace_event_user.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/samples/bpf/trace_event_user.c b/samples/bpf/trace_event_user.c
> index 9664749bf618..d841918accc9 100644
> --- a/samples/bpf/trace_event_user.c
> +++ b/samples/bpf/trace_event_user.c
> @@ -126,7 +126,7 @@ static void print_stacks(void)
> 
>  static inline int generate_load(void)
>  {
> -       if (system("dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
> +       if (system("/usr/bin/dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
>                 printf("failed to generate some load with dd: %s\n", strerror(errno));
>                 return -1;
>         }
> -- 
> 2.15.2

Again, please stop submitting patches for Linux kernel development at
this point in time until your company has fixed their development
process.

You have been warned many times about this, and we have heard nothing
back from you at all.  I'll go ask for your email address to now be
banned from our lists, sorry.

greg k-h

diff --git a/samples/bpf/trace_event_user.c b/samples/bpf/trace_event_user.c
index 9664749bf618..d841918accc9 100644
--- a/samples/bpf/trace_event_user.c
+++ b/samples/bpf/trace_event_user.c
@@ -126,7 +126,7 @@  static void print_stacks(void)

 static inline int generate_load(void)
 {
-       if (system("dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
+       if (system("/usr/bin/dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
                printf("failed to generate some load with dd: %s\n", strerror(errno));
                return -1;
        }

[linu-next] samples/bpf: use absolute path for dd

Checks

Commit Message

Comments

Patch