| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Dec 2017 10:53:29 +1100
From: "Tobin C. Harding" <me@...in.cc>
To: kernel-hardening@...ts.openwall.com
Cc: "Tobin C. Harding" <me@...in.cc>,
Steven Rostedt <rostedt@...dmis.org>,
Tycho Andersen <tycho@...ho.ws>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Kees Cook <keescook@...omium.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Daniel Borkmann <daniel@...earbox.net>,
Masahiro Yamada <yamada.masahiro@...ionext.com>,
Alexei Starovoitov <ast@...nel.org>,
linux-kernel@...r.kernel.org,
Network Development <netdev@...r.kernel.org>
Subject: [PATCH 0/3] kallsyms: don't leak address
This set plugs a kernel address leak that occurs if kallsyms symbol
look up fails. This set was prompted by a leaking address found using
scripts/leaking_addresses.pl on a PowerPC machine in the wild.
Patch set does not change behaviour when KALLSYMS is not defined
(suggested by Linus).
RFC has been in flight for 3 weeks with no negative response.
Patch 1 - return error code if symbol look up fails.
Patch 2 - print <no-symbol> to buffer if symbol look up returns an error.
Patch 3 - maintain current behaviour in ftrace.
Patch 3 (the ftrace stuff) is untested.
thanks,
Tobin.
Tobin C. Harding (3):
kallsyms: don't leak address when symbol not found
vsprintf: print <no-symbol> if symbol not found
trace: print address if symbol not found
include/linux/kernel.h | 2 ++
kernel/kallsyms.c | 6 ++++--
kernel/trace/trace.h | 24 ++++++++++++++++++++++++
kernel/trace/trace_events_hist.c | 6 +++---
lib/vsprintf.c | 18 +++++++++++++++---
5 files changed, 48 insertions(+), 8 deletions(-)
--
2.7.4
Powered by blists - more mailing lists