lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20171205094432.GA11064@eros>
Date:   Tue, 5 Dec 2017 20:44:32 +1100
From:   "Tobin C. Harding" <me@...in.cc>
To:     Joe Perches <joe@...ches.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Andy Whitcroft <apw@...onical.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] checkpatch: warn for use of %px

On Mon, Dec 04, 2017 at 11:24:24PM -0800, Joe Perches wrote:
> On Tue, 2017-12-05 at 08:17 +1100, Tobin C. Harding wrote:
> > Usage of the new %px specifier potentially leaks sensitive
> > inforamtion. Printing kernel addresses exposes the kernel layout in
> 
> information

I don't understand this comment? Do you mean the wording is wrong? I'll
re-word as suggested below.

> > memory, this is potentially exploitable. We have tools in the kernel to
> > help us do the right thing. We can have checkpatch warn developers of
> > potential dangers of using %px.
> > 
> > Have checkpatch emit a warning for usage of specifier %px.
> > 
> > Suggested-by: Andrew Morton <akpm@...ux-foundation.org>
> > Signed-off-by: Tobin C. Harding <me@...in.cc>
> > Co-Developed-by: Joe Perches <joe@...ches.com>
> > 
> > ---
> > 
> > Joe,
> > 
> > Are you happy with this tagging? Needs your signed-off-by still.
> 
> Maybe with a few corrections (below)

thanks for the tips.

> > Andrew,
> > 
> > Is it okay to add your Suggested-by tag here?
> > 
> > I'm not entirely sure when one is supposed to add someones signed-off-by
> > tag since the docs state that it should not be added without
> > permission. I am also unsure where/when is the best time to request this
> > permission.
> []
> > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> []
> > @@ -1612,6 +1612,17 @@ sub raw_line {
> >  	return $line;
> >  }
> >  
> > +sub stat_real {
> > +	my ($linenr, $lc) = @_;
> > +
> > +	my $stat_real = raw_line($linenr, 0);
> > +	for (my $count = $linenr + 1; $count <= $lc; $count++) {
> > +		$stat_real = $stat_real . "\n" . raw_line($count, 0);
> > +	}
> > +
> > +	return $stat_real;
> > +}
> 
> If you are going to make a subroutine of this
> there are some other places it could be used too.

Ok, I'm not super happy with sub routine name. Have you a better suggestion?

> > +
> >  sub cat_vet {
> >  	my ($vet) = @_;
> >  	my ($res, $coded);
> > @@ -5747,24 +5758,35 @@ sub process {
> >  		    defined $stat &&
> >  		    $stat =~ /^\+(?![^\{]*\{\s*).*\b(\w+)\s*\(.*$String\s*,/s &&
> >  		    $1 !~ /^_*volatile_*$/) {
> > -			my $bad_extension = "";
> > +			my ($specifier, $extension, $stat_real);
> 
> My preference is not to define multiple variables on a single line.
> I'd rather have:
> 			my $specifier;
> 			my $extension;
> 			my $stat_real;

No problem, is this a kernel wide thing or just a checkpatch thing (so I
can follow your lead if need be in leaking_addresses.pl). Or is it the
same as we do in C, in which case $extension and $specifier could be on
a single line but not $stat_real?

> > +			my $bad_specifier = "";
> >  			my $lc = $stat =~ tr@\n@@;
> >  			$lc = $lc + $linenr;
> >  		        for (my $count = $linenr; $count <= $lc; $count++) {
> >  				my $fmt = get_quoted_string($lines[$count - 1], raw_line($count, 0));
> >  				$fmt =~ s/%%//g;
> > -				if ($fmt =~ /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGNOx]).)/) {
> > -					$bad_extension = $1;
> > -					last;
> > +
> > +				while ($fmt =~ /(\%[\*\d\.]*p(\w))/g) {
> > +					$specifier = $1;
> > +					$extension = $2;
> > +					if ($extension !~ /[FfSsBKRraEhMmIiUDdgVCbGNOx]/) {
> > +						$bad_specifier = $specifier;
> > +						last;
> > +					}
> > +					if ($extension eq "x" && !defined($stat_real)) {
> > +						if (!defined($stat_real)) {
> > +							$stat_real = stat_real($linenr, $lc);
> > +						}
> > +						WARN("VSPRINTF_SPECIFIER_PX",
> > +						     "Using vsprintf specifier '\%px' potentially exposes the kernel layout in memory, if you don't _realy_ need the address please consider using '\%p'.\n" . "$here\n$stat_real\n");	
> 
> "kernel memory layout" not "kernel layout in memory"
> "really" not "_realy_"

Got it.

thanks,
Tobin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ