[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <201910281213.720C0DB89@keescook>
Date: Mon, 28 Oct 2019 12:16:36 -0700
From: Kees Cook <keescook@...omium.org>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: zhanglin <zhang.lin16@....com.cn>, dan.j.williams@...el.com,
jgg@...pe.ca, mingo@...nel.org, dave.hansen@...ux.intel.com,
namit@...are.com, bp@...e.de, christophe.leroy@....fr,
rdunlap@...radead.org, osalvador@...e.de,
richardw.yang@...ux.intel.com, linux-kernel@...r.kernel.org,
xue.zhihong@....com.cn, wang.yi59@....com.cn,
jiang.xuexin@....com.cn
Subject: Re: [PATCH] kernel: Restrict permissions of /proc/iomem.
On Fri, Oct 25, 2019 at 02:32:20PM -0700, Andrew Morton wrote:
> On Fri, 25 Oct 2019 16:56:41 +0800 zhanglin <zhang.lin16@....com.cn> wrote:
>
> > The permissions of /proc/iomem currently are -r--r--r--. Everyone can
> > see its content. As iomem contains information about the physical memory
> > content of the device, restrict the information only to root.
> >
> > ...
> >
> > --- a/kernel/resource.c
> > +++ b/kernel/resource.c
> > @@ -139,7 +139,8 @@ static int __init ioresources_init(void)
> > {
> > proc_create_seq_data("ioports", 0, NULL, &resource_op,
> > &ioport_resource);
> > - proc_create_seq_data("iomem", 0, NULL, &resource_op, &iomem_resource);
> > + proc_create_seq_data("iomem", S_IRUSR, NULL, &resource_op,
> > + &iomem_resource);
> > return 0;
> > }
> > __initcall(ioresources_init);
>
> It's risky to change things like this - heaven knows which userspace
> applications might break.
>
> Possibly we could obfuscate the information if that is considered
> desirable. Why is this a problem anyway? What are the possible
> exploit scenarios?
This is already done: kptr_restrict sysctl already zeros these values
if it is set. e.g.:
00000000-00000000 : System RAM
00000000-00000000 : Kernel code
00000000-00000000 : Kernel data
00000000-00000000 : Kernel bss
> Can't the same info be obtained by running dmesg and looking at the
> startup info?
Both virtual and physical address dumps in dmesg are considered "bad
form" these days and most have been removed.
> Can't the user who is concerned about this run chmod 0400 /proc/iomem
> at boot?
That is also possible.
> Maybe Kees has an opinion?
I do! :) System owners should either set kptr_restrict (or the CONFIG),
or do a chmod.
--
Kees Cook
Powered by blists - more mailing lists