lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 18 Aug 2022 22:44:02 +0200
From:   Helge Deller <deller@....de>
To:     Alexey Dobriyan <adobriyan@...il.com>,
        Andrew Morton <akpm@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org, josh@...htriplett.org
Subject: Re: +
 lib-dump_stack-add-dump_stack_print_cmdline-and-wire-up-in-dump_stack_print_info.patch
 added to mm-nonmm-unstable branch

On 8/18/22 07:50, Alexey Dobriyan wrote:
> On Wed, Aug 17, 2022 at 12:55:40PM -0700, Andrew Morton wrote:
>> Add the function dump_stack_print_cmdline() which can be used by arch code
>> to print the command line of the current processs.  This function is
>> useful in arch code when dumping information for a faulting process.
>>
>> Wire this function up in the dump_stack_print_info() function to include
>> the dumping of the command line for architectures which use
>> dump_stack_print_info().
>>
>> As an example, with this patch a failing glibc testcase (which uses
>> ld.so.1 as starting program) up to now reported just "ld.so.1" failing:
>>
>>  do_page_fault() command='ld.so.1' type=15 address=0x565921d8 in libc.so[f7339000+1bb000]
>>  trap #15: Data TLB miss fault, vm_start = 0x0001a000, vm_end = 0x0001b000
>>
>> and now it reports in addition:
>>
>>  ld.so.1[1151] cmdline: /home/gnu/glibc/objdir/elf/ld.so.1 --library-path =
>> /home/gnu/glibc/objdir:/home/gnu/glibc/objdir/math:/home/gnu/
>>     /home/gnu/glibc/objdir/malloc/tst-safe-linking-malloc-hugetlb1
>>
>> Josh Triplett noted that dumping such command line parameters into syslog
>> may theoretically lead to information disclosure.  That's why this patch
>> checks the value of the kptr_restrict sysctl variable and will not print
>> any information if kptr_restrict==2, and will not show the program
>> parameters if kptr_restrict==1.
>
> This whole feature needs its own sysctl. How is "kernel pointer restriction"
> is related to "dump full command line to syslog at segfault"?

Usually if you enable one of those b/c of security concerns, then you probably
want to enable the other as well. So, to some degree it makes sense.
The original discussion is here:
https://lore.kernel.org/lkml/a0bf15a2-2f9c-5603-3adb-ffa705572a92@gmx.de/T/#mfa009226e45e2420db5e7f4e980e381be6434448

But I'm fine with adding another sysctl too, if that's the preferred solution.
If so, any suggestions?
And, the sysctl could be added later too...

> I've checked my non-customised Fedora system and kptr_restrict is 0.
> It looks like Centos and Ubuntu ship with kptr_restrict=1.

... which seems ok then, IMHO.

> There was a patch recently to hide specific command line options from
> /proc/*/cmdline because some programs accept passwords from the command
> line.

Do you have a link to that?

Helge

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ