Message-ID: <20171215124100.1317dafe@gandalf.local.home>
Date:   Fri, 15 Dec 2017 12:41:00 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     Thomas Richter <tmricht@...ux.vnet.ibm.com>, mhiramat@...nel.org,
        linux-kernel@...r.kernel.org, heiko.carstens@...ibm.com,
        schwidefsky@...ibm.com, brueckner@...ux.vnet.ibm.com
Subject: Re: [PATCH] trace/uprobes: fix output issue with address
 randomization

On Fri, 15 Dec 2017 18:31:56 +0100
Peter Zijlstra <peterz@...radead.org> wrote:

> > --- a/kernel/trace/trace_uprobe.c
> > +++ b/kernel/trace/trace_uprobe.c
> > @@ -608,7 +608,7 @@ static int probes_seq_show(struct seq_file *m, void *v)
> >  
> >  	/* Don't print "0x  (null)" when offset is 0 */
> >  	if (tu->offset) {
> > -		seq_printf(m, "0x%p", (void *)tu->offset);
> > +		seq_printf(m, "0x%px", (void *)tu->offset);
> >  	} else {
> >  		switch (sizeof(void *)) {
> >  		case 4:  
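Review bot: In the "if (tu->offset)" branch the value is cast to (void *) only so that it can be printed, and moving from %p to %px turns that into an unhashed pointer print in seq_file output. The field is named as an offset rather than an address, so consider printing it with an integer format and a matching cast, zero-padded to sizeof(void *) * 2 digits. That way neither %p hashing nor %px is involved, and the "(null)" special case with its switch (sizeof(void *)) fallback is no longer needed. If %px stays, the changelog should state why printing the raw value here is safe.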
> 
> So I had a wee peek and afaict this ends up at:
> 
>         trace_create_file("uprobe_events", 0644, d_tracer,
>                                     NULL, &uprobe_events_ops);
> 
> which is a world readable file. Doesn't that leak the kaslr offset?

Usually the tracefs directory is mounted and is not world readable.

I just checked, and sure enough, after mounting tracefs, I can't read
it from non-root:

# mount -t tracefs nodev /sys/kernel/tracing/
# ls /sys/kernel/tracing/
available_events            max_graph_depth      stack_max_size
available_filter_functions  options              stack_trace
available_tracers           per_cpu              stack_trace_filter
buffer_size_kb              printk_formats       trace
buffer_total_size_kb        README               trace_clock
current_tracer              saved_cmdlines       trace_marker
dyn_ftrace_total_info       saved_cmdlines_size  trace_marker_raw
enabled_functions           saved_tgids          trace_options
eval_map                    set_event            trace_pipe
events                      set_event_pid        trace_stat
free_buffer                 set_ftrace_filter    tracing_cpumask
function_profile_enabled    set_ftrace_notrace   tracing_max_latency
hwlat_detector              set_ftrace_pid       tracing_on
instances                   set_graph_function   tracing_thresh
kprobe_events               set_graph_notrace    uprobe_events
kprobe_profile              snapshot             uprobe_profile

# exit
$ ls /sys/kernel/tracing/
ls: cannot open directory '/sys/kernel/tracing/': Permission denied

-- Steve
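
The check Steve ran by hand above can be scripted. The following is an added example, not part of the original message or of the kernel tree: it reads a /proc/mounts-style file, finds tracefs mounts, and reports whether users outside the owner and group can enter the directory and read uprobe_events or kprobe_events. The function names and the ROOT_PREFIX argument are assumptions made for this example, and only classic mode bits are examined.

```sh
#!/bin/sh
# Added example, not from the thread. Reports whether tracefs mounts and the
# uprobe_events/kprobe_events files in them are reachable by "other" users.
# Only classic mode bits are examined (no ACLs, no group membership).

# Print the last octal digit of a path's mode, i.e. the "other" permissions.
other_bits() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    echo "${mode#"${mode%?}"}"
}

# audit_tracefs MOUNTS_FILE [ROOT_PREFIX]
# MOUNTS_FILE uses /proc/mounts format; ROOT_PREFIX (hypothetical, for dry
# runs on a constructed tree) is prepended to each mount point.
# Returns 0 when nothing is exposed, 1 otherwise.
audit_tracefs() {
    mounts=$1
    root=${2:-}
    findings=0
    # /proc/mounts fields: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype _rest; do
        [ "$fstype" = tracefs ] || continue
        o=$(other_bits "$root$mnt") || continue
        if [ $((o & 1)) -eq 0 ]; then
            echo "OK   $mnt: others cannot enter the directory"
            continue
        fi
        echo "WARN $mnt: others can enter the directory"
        findings=$((findings + 1))
        for f in uprobe_events kprobe_events; do
            fo=$(other_bits "$root$mnt/$f") || continue
            if [ $((fo & 4)) -ne 0 ]; then
                echo "WARN $mnt/$f: readable by others"
                findings=$((findings + 1))
            fi
        done
    done < "$mounts"
    [ "$findings" -eq 0 ]
}

# On a live system: audit_tracefs /proc/mounts
```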
