lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 22 Dec 2010 19:21:59 +0800
From:	Amerigo Wang <amwang@...hat.com>
To:	linux-kernel@...r.kernel.org
Cc:	WANG Cong <amwang@...hat.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Neil Horman <nhorman@...driver.com>,
	WANG Cong <xiyou.wangcong@...il.com>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Wu Fengguang <fengguang.wu@...el.com>,
	Dan Carpenter <error27@...il.com>, Tejun Heo <tj@...nel.org>
Subject: [RFC Patch] kcore: restrict access to the whole memory

This patch restricts /proc/kcore from accessing the whole memory,
instead, only an ELF header can be read.

The initial patch was done by Vivek.

Signed-off-by: WANG Cong <amwang@...hat.com>

---
diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig
index 6a00688..2fd1df1 100644
--- a/fs/proc/Kconfig
+++ b/fs/proc/Kconfig
@@ -32,6 +32,14 @@ config PROC_KCORE
 	bool "/proc/kcore support" if !ARM
 	depends on PROC_FS && MMU
 
+config STRICT_PROC_KCORE
+	bool "Only export an ELF header from /proc/kcore"
+	depends on PROC_KCORE
+	default n
+	help
+	If this option is enabled, only an ELF header can be read from
+	/proc/kcore, instead of a whole ELF image.
+
 config PROC_VMCORE
 	bool "/proc/vmcore support"
 	depends on PROC_FS && CRASH_DUMP
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index 6f37c39..c45ff00 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -90,7 +90,12 @@ static size_t get_kcore_size(int *nphdr, size_t *elf_buflen)
 			roundup(sizeof(struct elf_prpsinfo), 4) +
 			roundup(sizeof(struct task_struct), 4);
 	*elf_buflen = PAGE_ALIGN(*elf_buflen);
+#ifdef CONFIG_STRICT_PROC_KCORE
+	return *elf_buflen;
+#else
 	return size + *elf_buflen;
+#endif
+
 }
 
 static void free_kclist_ents(struct list_head *head)
@@ -429,7 +434,7 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
 	size_t size, tsz;
 	size_t elf_buflen;
 	int nphdr;
-	unsigned long start;
+	unsigned long __maybe_unused start;
 
 	read_lock(&kclist_lock);
 	size = get_kcore_size(&nphdr, &elf_buflen);
@@ -473,6 +478,9 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
 	} else
 		read_unlock(&kclist_lock);
 
+#ifdef CONFIG_STRICT_PROC_KCORE
+	return acc;
+#else
 	/*
 	 * Check to see if our file offset matches with any of
 	 * the addresses in the elf_phdr on our list.
@@ -537,6 +545,7 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
 	}
 
 	return acc;
+#endif
 }
 
 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ