lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 21 Feb 2020 16:25:55 +0000
From:   Quentin Perret <qperret@...gle.com>
To:     David Laight <David.Laight@...LAB.COM>
Cc:     'Will Deacon' <will@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "kernel-team@...roid.com" <kernel-team@...roid.com>,
        "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
        "K . Prasad" <prasad@...ux.vnet.ibm.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Frederic Weisbecker <frederic@...nel.org>,
        Christoph Hellwig <hch@....de>,
        Alexei Starovoitov <ast@...nel.org>,
        Masami Hiramatsu <mhiramat@...nel.org>
Subject: Re: [PATCH 0/3] Unexport kallsyms_lookup_name() and
 kallsyms_on_each_symbol()

On Friday 21 Feb 2020 at 15:41:35 (+0000), David Laight wrote:
> From: Will Deacon
> > Sent: 21 February 2020 11:44
> > Hi folks,
> > 
> > Despite having just a single modular in-tree user that I could spot,
> > kallsyms_lookup_name() is exported to modules and provides a mechanism
> > for out-of-tree modules to access and invoke arbitrary, non-exported
> > kernel symbols when kallsyms is enabled.
> 
> Now where did I put that kernel code that opens /proc/kallsyms and
> then reads it to find the addresses of symbols ...

Sure, but the point of this patch IIUC is not to make it totally
impossible to find the address of symbols in the kernel. It is just to
not make it utterly trivial for out-of-tree modules to bypass entirely
the upstream infrastructure for exported symbols.

All in all, I really don't see what is the benefit of keeping
kallsyms_lookup_name exported upstream. Especially since we don't have a
good use-case for it.

So, for the whole series:

  Reviewed-by: Quentin Perret <qperret@...gle.com>

Thanks,
Quentin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ