|
Message-ID: <CAPDLWs8jyL3W_sGmHtw4Uw=8U_OYfeWJd_BpBLE7zvO4c6Z_8g@mail.gmail.com> Date: Thu, 9 Nov 2017 10:13:26 +0530 From: Kaiwan N Billimoria <kaiwan.billimoria@...il.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Laura Abbott <labbott@...hat.com>, "Tobin C. Harding" <me@...in.cc>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, "Jason A. Donenfeld" <Jason@...c4.com>, "Theodore Ts'o" <tytso@....edu>, Kees Cook <keescook@...omium.org>, Paolo Bonzini <pbonzini@...hat.com>, Tycho Andersen <tycho@...ker.com>, "Roberts, William C" <william.c.roberts@...el.com>, Tejun Heo <tj@...nel.org>, Jordan Glover <Golden_Miller83@...tonmail.ch>, Greg KH <gregkh@...uxfoundation.org>, Petr Mladek <pmladek@...e.com>, Joe Perches <joe@...ches.com>, Ian Campbell <ijc@...lion.org.uk>, Sergey Senozhatsky <sergey.senozhatsky@...il.com>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <wilal.deacon@....com>, Steven Rostedt <rostedt@...dmis.org>, Chris Fries <cfries@...gle.com>, Dave Weinstein <olorin@...gle.com>, Daniel Micay <danielmicay@...il.com>, Djalal Harouni <tixxdz@...il.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Network Development <netdev@...r.kernel.org>, David Miller <davem@...emloft.net> Subject: Re: [PATCH v4] scripts: add leaking_addresses.pl > But I don't know if there is anything else than the profiling code > that _really_ wants access to /proc/kallsyms in user space as a > regular user. Am unsure about this, but kprobes? (/jprobes/kretprobes), and by extension, wrappers over this infra (like SystemTap)? I (hazily) recollect a script I once wrote (years back though) that collects kernel virtual addresses off of kallsyms for the purpose of passing them to a 'helper' kernel module that uses kprobes. I realize that 'modern' kprobes exposes APIs that just require the symbolic name & that they're anyway at kernel privilege... but the point is, a usermode script was picking up and passing the kernel addresses. Also, what about kernel addresses exposed via System.map? Oh, just checked, it's root rw only.. pl ignore. > That said, that patch also fixes the /proc/kallsyms root check, in > that now you can do: > > sudo head < /proc/kallsyms > > and it still shows all zeroes - because the file was *opened* as a > normal user. That's how UNIX file access security works, and how it is > fundamentally supposed to work (ie passing a file descriptor to a sui > program doesn't magically make it gain privileges). Indeed.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.