From: "Ahmed S. Darwish" <darwish.07@gmail.com> To: "Adrian Bunk" <bunk@kernel.org> Cc: "Kyle Moffett" <mrmacman_g4@mac.com>, "Casey Schaufler" <casey@schaufler-ca.com>, akpm@osdl.org, torvalds@osdl.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] Smackv10: Smack rules grammar + their stateful parser Date: Tue, 6 Nov 2007 14:23:36 +0200 Message-ID: <1865922a0711060423ue81dbdct413b993e727f6f9@mail.gmail.com> (raw) In-Reply-To: <20071106114738.GH26163@stusta.de> On 11/6/07, Adrian Bunk <bunk@kernel.org> wrote: > On Tue, Nov 06, 2007 at 01:34:05PM +0200, Ahmed S. Darwish wrote: > > Hi, > > > > On Tue, Nov 06, 2007 at 09:56:51AM +0100, Adrian Bunk wrote: > > > On Tue, Nov 06, 2007 at 03:26:12AM -0500, Kyle Moffett wrote: > > > > On Nov 06, 2007, at 01:33:05, Adrian Bunk wrote: > > > >> Can you limit this to 7bit ASCII and use isascii() somewhere? > > > >> > > > >> Otherwise I'd expect funny things to happen when you e.g. use isspace() on > > > >> the UTF-8 encoded character ??. > > > > > > > > Actually, you don't need to. You tell them it expects UTF-8 encoded > > > > strings and be done with it. All US-ASCII characters from 0 through 127 > > > > (IE: high bit clear) are exactly the same in UTF-8, and UTF-8 special > > > > characters have the high bit set in all bytes. Therefore you just assume > > > > that anything with the high bit set is part of a word and you can handle > > > > basic UTF-8. (It doesn't work on special UTF-8 space characters like > > > > nonbreaking space and similar, but handling those is significantly more > > > > complicated). > > > > > > The documentations says: > > > "Smack labels cannot contain unprintable characters or the "/" (slash) > > > character." > > > > > > What you propose might contain unprintable characters, and it might even > > > be invalid UTF-8. > > > > As far as I understand the problem now, isspace() accepts the 0xa0 > > character which might collide with some of UTF-8 encoded characters > > cause the high bit is set. > > > > I used "if (!isspace(c) && !isgraph(c)) return -EINVAL;" to test > > rules' characters validity which seems not enough. I'll add !isascii(c) > > in the condition and ask Casey to change the documentation to be > > something like: > > > > Smack labels are represented in ASCII characters, they cannot contain > > unprintable characters or the '/' (slash) character. > > > > and in write(): > > if (!isascii(c) return -EINVAL; > > if (!isspace(c) && !isgraph(c)) return -EINVAL; > > > > This satisfy above customized labels rule, right ? > > It should work for all charsets you'll usually have to handle. > I admit I'm not experienced in such encoding stuff, but shouldn't the ASCII and the ASCII-compatible UTF-8 encodings be enough for the labels ? > It would not work if someone would e.g. give you UTF-16 encoded strings, > but I don't see this happening in practice. Won't this complicate the code too much ? -- Ahmed S. Darwish Homepage: http://darwish.07.googlepages.com Blog: http://darwish-07.blogspot.com
next prev parent reply index Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top 2007-11-02 20:50 [PATCH] Version 10 (2.6.24-rc1) Smack: Simplified Mandatory Access Control Kernel Casey Schaufler 2007-11-03 16:43 ` [PATCH] Smackv10: Smack rules grammar + their stateful parser Ahmed S. Darwish 2007-11-03 18:30 ` Kyle Moffett 2007-11-03 22:12 ` Ahmed S. Darwish 2007-11-04 12:28 ` Pavel Machek 2007-11-04 13:23 ` Ahmed S. Darwish 2007-11-04 16:37 ` Casey Schaufler 2007-11-05 9:41 ` Ahmed S. Darwish 2007-11-05 16:21 ` Linus Torvalds 2007-11-05 21:56 ` Tetsuo Handa 2007-11-06 10:00 ` Adrian Bunk 2007-11-06 12:27 ` Tetsuo Handa 2007-11-06 13:58 ` Adrian Bunk 2007-11-06 14:32 ` Tetsuo Handa 2007-11-06 14:59 ` Adrian Bunk 2007-11-06 15:27 ` Tetsuo Handa 2007-11-06 22:42 ` Adrian Bunk 2007-11-05 23:38 ` Ahmed S. Darwish 2007-11-06 8:06 ` Adrian Bunk 2007-11-06 15:39 ` Linus Torvalds 2007-11-06 23:00 ` Adrian Bunk 2007-11-06 23:08 ` Linus Torvalds 2007-11-07 0:07 ` Adrian Bunk 2007-11-07 0:27 ` Linus Torvalds 2007-11-07 0:43 ` Adrian Bunk 2007-11-07 1:03 ` Tetsuo Handa 2007-11-07 1:06 ` Linus Torvalds 2007-11-07 1:59 ` Adrian Bunk 2007-11-07 4:09 ` Linus Torvalds 2007-11-07 15:08 ` Alan Cox 2007-11-04 20:06 ` Ahmed S. Darwish 2007-11-05 0:56 ` [PATCH] Smackv10: Smack rules grammar + their stateful parser(2) Ahmed S. Darwish 2007-11-10 17:05 ` Jakob Oestergaard 2007-11-10 19:45 ` Ahmed S. Darwish 2007-11-11 12:44 ` Pavel Machek 2007-11-11 18:37 ` Ahmed S. Darwish 2007-11-06 6:33 ` [PATCH] Smackv10: Smack rules grammar + their stateful parser Adrian Bunk 2007-11-06 8:26 ` Kyle Moffett 2007-11-06 8:56 ` Adrian Bunk 2007-11-06 11:02 ` Alan Cox 2007-11-06 11:34 ` Ahmed S. Darwish 2007-11-06 11:47 ` Adrian Bunk 2007-11-06 12:23 ` Ahmed S. Darwish [this message] 2007-11-06 12:49 ` Kyle Moffett 2007-11-06 13:34 ` Adrian Bunk 2007-11-06 14:05 ` Ahmed S. Darwish 2007-11-06 14:10 ` Adrian Bunk 2007-11-06 14:30 ` Ahmed S. Darwish 2007-11-06 15:53 ` Linus Torvalds 2007-11-07 10:56 ` [PATCH] Fix isspace() and other ctype.h functions to ignore chars 128-255 Kyle Moffett
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1865922a0711060423ue81dbdct413b993e727f6f9@mail.gmail.com \ --to=darwish.07@gmail.com \ --cc=akpm@osdl.org \ --cc=bunk@kernel.org \ --cc=casey@schaufler-ca.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=mrmacman_g4@mac.com \ --cc=torvalds@osdl.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
LKML Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lkml.kernel.org/lkml/0 lkml/git/0.git git clone --mirror https://lkml.kernel.org/lkml/1 lkml/git/1.git git clone --mirror https://lkml.kernel.org/lkml/2 lkml/git/2.git git clone --mirror https://lkml.kernel.org/lkml/3 lkml/git/3.git git clone --mirror https://lkml.kernel.org/lkml/4 lkml/git/4.git git clone --mirror https://lkml.kernel.org/lkml/5 lkml/git/5.git git clone --mirror https://lkml.kernel.org/lkml/6 lkml/git/6.git git clone --mirror https://lkml.kernel.org/lkml/7 lkml/git/7.git git clone --mirror https://lkml.kernel.org/lkml/8 lkml/git/8.git git clone --mirror https://lkml.kernel.org/lkml/9 lkml/git/9.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 lkml lkml/ https://lkml.kernel.org/lkml \ linux-kernel@vger.kernel.org public-inbox-index lkml Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel AGPL code for this site: git clone https://public-inbox.org/public-inbox.git