| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Apr 2018 17:01:44 +0900
From: Masami Hiramatsu <mhiramat@...nel.org>
To: Thomas Richter <tmricht@...ux.ibm.com>
Cc: ananth@...ux.vnet.ibm.com, anil.s.keshavamurthy@...el.com,
davem@...emloft.net, akpm@...ux-foundation.org, acme@...nel.org,
rostedt@...dmis.org, brueckner@...ux.vnet.ibm.com,
schwidefsky@...ibm.com, heiko.carstens@...ibm.com,
stable@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kprobes: Fix random address output of blacklist file
On Thu, 26 Apr 2018 09:19:59 +0200
Thomas Richter <tmricht@...ux.ibm.com> wrote:
> File /sys/kernel/debug/kprobes/blacklist displays random addresses:
>
> [root@...60046 linux]# cat /sys/kernel/debug/kprobes/blacklist
> 0x0000000047149a90-0x00000000bfcb099a print_type_x8
> ....
>
> This breaks 'perf probe' which uses the blacklist file to prohibit
> probes on certain functions by checking the address range.
>
> Fix this by printing the correct (unhashed) address.
Yeah, but I'm not sure recent "%px" policy. I think if the user can
dump kallsyms, this also can be dumped. But kallsyms seems different
policy...
Anyway, please check my series.
https://patchwork.kernel.org/patch/10183629/
It uses to check the kallsyms policy function to check.
Unfortunately, this is not merged. Anyway, I'll repost it (on the top of tip tree)
>
> The file mode is read all but this is not an issue as the file
> hierarchy points out:
> # ls -ld /sys/ /sys/kernel/ /sys/kernel/debug/ /sys/kernel/debug/kprobes/
> /sys/kernel/debug/kprobes/blacklist
> dr-xr-xr-x 12 root root 0 Apr 19 07:56 /sys/
> drwxr-xr-x 8 root root 0 Apr 19 07:56 /sys/kernel/
> drwx------ 16 root root 0 Apr 19 06:56 /sys/kernel/debug/
> drwxr-xr-x 2 root root 0 Apr 19 06:56 /sys/kernel/debug/kprobes/
> -r--r--r-- 1 root root 0 Apr 19 06:56 /sys/kernel/debug/kprobes/blacklist
>
> Everything in and below /sys/kernel/debug is rwx to root only,
> no group or others have access.
>
> Background:
> Directory /sys/kernel/debug/kprobes is created by debugfs_create_dir()
> which sets the mode bits to rwxr-xr-x. Maybe change that to use the
> parent's directory mode bits instead?
Good catch! Yes, it should be hardened.
Anyway, that is out of this topic. I just change blacklist file mode bits
in my series.
Thank you,
>
> Fixes: ad67b74d2469 ("printk: hash addresses printed with %p")
> Cc: <stable@...r.kernel.org> # v4.15+
> Cc: <linux-kernel@...r.kernel.org>
> To: Ananth N Mavinakayanahalli <ananth@...ux.vnet.ibm.com>
> To: Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>
> To: David S Miller <davem@...emloft.net>
> To: Masami Hiramatsu <mhiramat@...nel.org>
> To: Andrew Morton <akpm@...ux-foundation.org>
> To: acme@...nel.org
> To: Steven Rostedt <rostedt@...dmis.org>
>
> Signed-off-by: Thomas Richter <tmricht@...ux.ibm.com>
> ---
> kernel/kprobes.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index 102160ff5c66..ea619021d901 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -2428,7 +2428,7 @@ static int kprobe_blacklist_seq_show(struct seq_file *m, void *v)
> struct kprobe_blacklist_entry *ent =
> list_entry(v, struct kprobe_blacklist_entry, list);
>
> - seq_printf(m, "0x%p-0x%p\t%ps\n", (void *)ent->start_addr,
> + seq_printf(m, "0x%px-0x%px\t%ps\n", (void *)ent->start_addr,
> (void *)ent->end_addr, (void *)ent->start_addr);
> return 0;
> }
> --
> 2.14.3
>
--
Masami Hiramatsu <mhiramat@...nel.org>
Powered by blists - more mailing lists