| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Mar 2020 12:51:08 -0800
From: Doug Anderson <dianders@...omium.org>
To: Daniel Thompson <daniel.thompson@...aro.org>
Cc: Jason Wessel <jason.wessel@...driver.com>,
kgdb-bugreport@...ts.sourceforge.net,
LKML <linux-kernel@...r.kernel.org>,
Patch Tracking <patches@...aro.org>,
Wang Xiayang <xywang.sjtu@...u.edu.cn>
Subject: Re: [PATCH] kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ
Hi,
On Thu, Feb 13, 2020 at 8:42 AM Daniel Thompson
<daniel.thompson@...aro.org> wrote:
>
> Currently the PROMPT variable could be abused to provoke the printf()
> machinery to read outside the current stack frame. Normally this
> doesn't matter becaues md is already a much better tool for reading
> from memory.
>
> However the md command can be disabled by not setting KDB_ENABLE_MEM_READ.
> Let's also prevent PROMPT from being modified in these circumstances.
>
> Whilst adding a comment to help future code reviewers we also remove
> the #ifdef where PROMPT in consumed. There is no problem passing an
> unused (0) to snprintf when !CONFIG_SMP.
> argument
>
> Reported-by: Wang Xiayang <xywang.sjtu@...u.edu.cn>
> Signed-off-by: Daniel Thompson <daniel.thompson@...aro.org>
> ---
> kernel/debug/kdb/kdb_main.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
I can't say I'm an expert on the kdb permissions model since I wasn't
really even aware of it before reading this patch, but your change
seems reasonable to me.
Reviewed-by: Douglas Anderson <dianders@...omium.org>
Powered by blists - more mailing lists