lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 28 Apr 2018 00:58:31 +0900 From: Masami Hiramatsu <mhiramat@...nel.org> To: Ingo Molnar <mingo@...nel.org> Cc: linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, Ingo Molnar <mingo@...hat.com>, "H . Peter Anvin" <hpa@...or.com>, x86@...nel.org, Ananth N Mavinakayanahalli <ananth@...ibm.com>, Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>, "David S . Miller" <davem@...emloft.net>, Jon Medhurst <tixy@...aro.org>, Will Deacon <will.deacon@....com>, Arnd Bergmann <arnd@...db.de>, David Howells <dhowells@...hat.com>, Heiko Carstens <heiko.carstens@...ibm.com>, "Tobin C . Harding" <me@...in.cc>, Linus Torvalds <torvalds@...ux-foundation.org>, Thomas Richter <tmricht@...ux.ibm.com>, akpm@...ux-foundation.org, acme@...nel.org, rostedt@...dmis.org, brueckner@...ux.vnet.ibm.com, schwidefsky@...ibm.com, stable@...r.kernel.org Subject: Re: [PATCH v3 1/7] kprobes: Make blacklist root user read only On Fri, 27 Apr 2018 09:04:12 +0200 Ingo Molnar <mingo@...nel.org> wrote: > > * Masami Hiramatsu <mhiramat@...nel.org> wrote: > > > Since the blacklist file indicates a sensitive address > > information to reader, it should be restricted to the > > root user. > > > > Suggested-by: Thomas Richter <tmricht@...ux.ibm.com> > > Signed-off-by: Masami Hiramatsu <mhiramat@...nel.org> > > --- > > kernel/kprobes.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/kernel/kprobes.c b/kernel/kprobes.c > > index ea619021d901..51096eece801 100644 > > --- a/kernel/kprobes.c > > +++ b/kernel/kprobes.c > > @@ -2621,7 +2621,7 @@ static int __init debugfs_kprobe_init(void) > > if (!file) > > goto error; > > > > - file = debugfs_create_file("blacklist", 0444, dir, NULL, > > + file = debugfs_create_file("blacklist", 0400, dir, NULL, > > &debugfs_kprobe_blacklist_ops); > > if (!file) > > goto error; > > Note that in a typical Linux distro debugfs is already root-only: > > fomalhaut:~> ls -ld /sys/kernel/debug > drwx------ 28 root root 0 Apr 23 08:55 /sys/kernel/debug > > but this change might make sense if debugfs is mounted in some other fashion. > > But the patch looks incomplete, 'blacklist' is not the only word-readable file in > the kprobes hierarchy. The kprobes directory itself, and the 'list' file is > readable as well: > > [root@...alhaut ~]# ls -ld /sys/kernel/debug/kprobes > drwxr-xr-x 2 root root 0 Apr 23 08:55 /sys/kernel/debug/kprobes > > [root@...alhaut ~]# ls -l /sys/kernel/debug/kprobes/ > > -r--r--r-- 1 root root 0 Apr 23 08:55 blacklist > -rw------- 1 root root 0 Apr 23 08:55 enabled > -r--r--r-- 1 root root 0 Apr 23 08:55 list > > So not just the blacklist should be 400 but 'list' as well, and the main kprobes > directory as well. OK, I'll mark it 0400 too. For the kprobes directory, as Thomas pointed in the original thread, that is currently debugfs API's limitation. https://patchwork.kernel.org/patch/10364817/ We only have debugfs_create_dir() but it doesn't have "mode" flag. struct dentry *debugfs_create_dir(const char *name, struct dentry *parent); And doesn't care the parent mode bits. Thanks, -- Masami Hiramatsu <mhiramat@...nel.org>
Powered by blists - more mailing lists