[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <61159548.60cf.18baec1fd65.Coremail.00107082@163.com>
Date: Wed, 8 Nov 2023 19:47:10 +0800 (CST)
From: "David Wang" <00107082@....com>
To: akpm@...ux-foundation.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: [BUG?] mm/secretmem: memory address mapped to memfd_secret can be
used in write syscall.
Hi,
According to https://lwn.net/Articles/865256/,
the memory address got from memfd_secret/ftruncate/mmap should not be used by syscalls, since it is not accessible even by kernel.
But my test result shows that the "secret" memory could be used in syscall write, is this expected behavior?
This is my test code:
int main() {
int fd = syscall(__NR_memfd_secret, 0);
if (fd < 0) {
perror("Fail to create secret");
return -1;
}
if (ftruncate(fd, 1024) < 0) {
perror("Fail to size the secret");
return -1;
}
char *key = mmap(NULL, 1024, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
if (key == MAP_FAILED) {
perror("Fail to mmap");
return -1;
}
// should be some secure channel
strcpy(key, "ThisIsAKey");
// printf("[%d]key(%s) ready: %p\n", getpid(), key, key);
// getchar();
// make syscall, should err
write(STDOUT_FILENO, key, strlen(key)); //<-- Here the key shows up on stdout.
return 0;
}
Thanks
David
Powered by blists - more mailing lists