| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 28 Apr 2018 00:58:31 +0900
From: Masami Hiramatsu <mhiramat@...nel.org>
To: Ingo Molnar <mingo@...nel.org>
Cc: linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org,
Ingo Molnar <mingo@...hat.com>,
"H . Peter Anvin" <hpa@...or.com>, x86@...nel.org,
Ananth N Mavinakayanahalli <ananth@...ibm.com>,
Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>,
"David S . Miller" <davem@...emloft.net>,
Jon Medhurst <tixy@...aro.org>,
Will Deacon <will.deacon@....com>,
Arnd Bergmann <arnd@...db.de>,
David Howells <dhowells@...hat.com>,
Heiko Carstens <heiko.carstens@...ibm.com>,
"Tobin C . Harding" <me@...in.cc>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Thomas Richter <tmricht@...ux.ibm.com>,
akpm@...ux-foundation.org, acme@...nel.org, rostedt@...dmis.org,
brueckner@...ux.vnet.ibm.com, schwidefsky@...ibm.com,
stable@...r.kernel.org
Subject: Re: [PATCH v3 1/7] kprobes: Make blacklist root user read only
On Fri, 27 Apr 2018 09:04:12 +0200
Ingo Molnar <mingo@...nel.org> wrote:
>
> * Masami Hiramatsu <mhiramat@...nel.org> wrote:
>
> > Since the blacklist file indicates a sensitive address
> > information to reader, it should be restricted to the
> > root user.
> >
> > Suggested-by: Thomas Richter <tmricht@...ux.ibm.com>
> > Signed-off-by: Masami Hiramatsu <mhiramat@...nel.org>
> > ---
> > kernel/kprobes.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> > index ea619021d901..51096eece801 100644
> > --- a/kernel/kprobes.c
> > +++ b/kernel/kprobes.c
> > @@ -2621,7 +2621,7 @@ static int __init debugfs_kprobe_init(void)
> > if (!file)
> > goto error;
> >
> > - file = debugfs_create_file("blacklist", 0444, dir, NULL,
> > + file = debugfs_create_file("blacklist", 0400, dir, NULL,
> > &debugfs_kprobe_blacklist_ops);
> > if (!file)
> > goto error;
>
> Note that in a typical Linux distro debugfs is already root-only:
>
> fomalhaut:~> ls -ld /sys/kernel/debug
> drwx------ 28 root root 0 Apr 23 08:55 /sys/kernel/debug
>
> but this change might make sense if debugfs is mounted in some other fashion.
>
> But the patch looks incomplete, 'blacklist' is not the only word-readable file in
> the kprobes hierarchy. The kprobes directory itself, and the 'list' file is
> readable as well:
>
> [root@...alhaut ~]# ls -ld /sys/kernel/debug/kprobes
> drwxr-xr-x 2 root root 0 Apr 23 08:55 /sys/kernel/debug/kprobes
>
> [root@...alhaut ~]# ls -l /sys/kernel/debug/kprobes/
>
> -r--r--r-- 1 root root 0 Apr 23 08:55 blacklist
> -rw------- 1 root root 0 Apr 23 08:55 enabled
> -r--r--r-- 1 root root 0 Apr 23 08:55 list
>
> So not just the blacklist should be 400 but 'list' as well, and the main kprobes
> directory as well.
OK, I'll mark it 0400 too.
For the kprobes directory, as Thomas pointed in the original thread,
that is currently debugfs API's limitation.
https://patchwork.kernel.org/patch/10364817/
We only have debugfs_create_dir() but it doesn't have "mode" flag.
struct dentry *debugfs_create_dir(const char *name, struct dentry *parent);
And doesn't care the parent mode bits.
Thanks,
--
Masami Hiramatsu <mhiramat@...nel.org>
Powered by blists - more mailing lists