lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 28 Oct 2019 12:16:36 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     zhanglin <zhang.lin16@....com.cn>, dan.j.williams@...el.com,
        jgg@...pe.ca, mingo@...nel.org, dave.hansen@...ux.intel.com,
        namit@...are.com, bp@...e.de, christophe.leroy@....fr,
        rdunlap@...radead.org, osalvador@...e.de,
        richardw.yang@...ux.intel.com, linux-kernel@...r.kernel.org,
        xue.zhihong@....com.cn, wang.yi59@....com.cn,
        jiang.xuexin@....com.cn
Subject: Re: [PATCH] kernel: Restrict permissions of /proc/iomem.

On Fri, Oct 25, 2019 at 02:32:20PM -0700, Andrew Morton wrote:
> On Fri, 25 Oct 2019 16:56:41 +0800 zhanglin <zhang.lin16@....com.cn> wrote:
> 
> > The permissions of /proc/iomem currently are -r--r--r--. Everyone can
> > see its content. As iomem contains information about the physical memory
> > content of the device, restrict the information only to root.
> > 
> > ...
> >
> > --- a/kernel/resource.c
> > +++ b/kernel/resource.c
> > @@ -139,7 +139,8 @@ static int __init ioresources_init(void)
> >  {
> >  	proc_create_seq_data("ioports", 0, NULL, &resource_op,
> >  			&ioport_resource);
> > -	proc_create_seq_data("iomem", 0, NULL, &resource_op, &iomem_resource);
> > +	proc_create_seq_data("iomem", S_IRUSR, NULL, &resource_op,
> > +			&iomem_resource);
> >  	return 0;
> >  }
> >  __initcall(ioresources_init);
> 
> It's risky to change things like this - heaven knows which userspace
> applications might break.
> 
> Possibly we could obfuscate the information if that is considered
> desirable.  Why is this a problem anyway?  What are the possible
> exploit scenarios?

This is already done: kptr_restrict sysctl already zeros these values
if it is set. e.g.:

00000000-00000000 : System RAM
  00000000-00000000 : Kernel code
  00000000-00000000 : Kernel data
  00000000-00000000 : Kernel bss

> Can't the same info be obtained by running dmesg and looking at the
> startup info?

Both virtual and physical address dumps in dmesg are considered "bad
form" these days and most have been removed.

> Can't the user who is concerned about this run chmod 0400 /proc/iomem
> at boot?

That is also possible.

> Maybe Kees has an opinion?

I do! :) System owners should either set kptr_restrict (or the CONFIG),
or do a chmod.

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ