| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 07 Nov 2014 11:40:38 -0800 From: Andy Lutomirski <luto@...capital.net> To: Seth Jennings <sjenning@...hat.com>, Josh Poimboeuf <jpoimboe@...hat.com>, Jiri Kosina <jkosina@...e.cz>, Vojtech Pavlik <vojtech@...e.cz>, Steven Rostedt <rostedt@...dmis.org> CC: live-patching@...r.kernel.org, kpatch@...hat.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH 2/2] kernel: add support for live patching On 11/06/2014 06:39 AM, Seth Jennings wrote: > This commit introduces code for the live patching core. It implements > an ftrace-based mechanism and kernel interface for doing live patching > of kernel and kernel module functions. > > It represents the greatest common functionality set between kpatch and > kgraft and can accept patches built using either method. > > This first version does not implement any consistency mechanism that > ensures that old and new code do not run together. In practice, ~90% of > CVEs are safe to apply in this way, since they simply add a conditional > check. However, any function change that can not execute safely with > the old version of the function can _not_ be safely applied in this > version. > [...] > +/******************************************** > + * Sysfs Interface > + *******************************************/ > +/* > + * /sys/kernel/livepatch > + * /sys/kernel/livepatch/<patch> > + * /sys/kernel/livepatch/<patch>/enabled > + * /sys/kernel/livepatch/<patch>/<object> > + * /sys/kernel/livepatch/<patch>/<object>/<func> > + * /sys/kernel/livepatch/<patch>/<object>/<func>/new_addr > + * /sys/kernel/livepatch/<patch>/<object>/<func>/old_addr > + */ Letting anyone read new_addr and old_addr is a kASLR leak, and I would argue that showing this information to non-root at all is probably a bad idea. Can you make new_addr and old_addr have mode 0600 and /sys/kernel/livepatch itself have mode 0500? For the latter, an admin who wants unprivileged users to be able to see it can easily chmod it. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists