| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Sep 2016 09:38:52 -0700
From: Andi Kleen <andi@...stfloor.org>
To: Jiri Olsa <jolsa@...hat.com>
Cc: Kees Cook <keescook@...omium.org>,
Andi Kleen <andi@...stfloor.org>, Jiri Olsa <jolsa@...nel.org>,
lkml <linux-kernel@...r.kernel.org>,
Ingo Molnar <mingo@...nel.org>,
Adrian Hunter <adrian.hunter@...el.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH] fs/proc/kcore.c: Omit kernel text area for hardened
usercopy feature
> ---
> diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
> index a939f5ed7f89..de07c273f725 100644
> --- a/fs/proc/kcore.c
> +++ b/fs/proc/kcore.c
> @@ -515,8 +515,20 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
> } else {
> if (kern_addr_valid(start)) {
> unsigned long n;
> + char *buf;
>
> - n = copy_to_user(buffer, (char *)start, tsz);
> + buf = kzalloc(tsz, GFP_KERNEL);
You have to add some limit and a loop, otherwise a user can eat all kernel memory,
or copies > KMALLOC_MAX wouldn't work. Probably only get a single page.
Also don't need kzalloc, kmalloc is sufficient.
-Andi
Powered by blists - more mailing lists