Re: [PATCH] trace/uprobes: fix output issue with address randomization

From: Steven Rostedt
Date: Fri Dec 15 2017 - 12:41:07 EST


On Fri, 15 Dec 2017 18:31:56 +0100
Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:

> > --- a/kernel/trace/trace_uprobe.c
> > +++ b/kernel/trace/trace_uprobe.c
> > @@ -608,7 +608,7 @@ static int probes_seq_show(struct seq_file *m, void *v)
> >
> > /* Don't print "0x (null)" when offset is 0 */
> > if (tu->offset) {
> > - seq_printf(m, "0x%p", (void *)tu->offset);
> > + seq_printf(m, "0x%px", (void *)tu->offset);
> > } else {
> > switch (sizeof(void *)) {
> > case 4:
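
Review bot: On the changed seq_printf line, %px prints the value raw, bypassing the hashing that plain %p applies, and nothing in the hunk says why that is safe for tu->offset. The (void *) cast suggests the value is not a pointer to begin with, so either extend the comment above the if to state that this is an offset and not a kernel address, or print it with an integer format matching its type and drop the cast.
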
>
> So I had a wee peek and afaict this ends up at:
>
> trace_create_file("uprobe_events", 0644, d_tracer,
> NULL, &uprobe_events_ops);
>
> which is a world readable file. Doesn't that leak the kaslr offset?

Usually the tracefs directory is mounted and is not world readable.

I just checked, and sure enough, after mounting tracefs, I can't read
it from non-root:

# mount -t tracefs nodev /sys/kernel/tracing/
# ls /sys/kernel/tracing/
available_events max_graph_depth stack_max_size
available_filter_functions options stack_trace
available_tracers per_cpu stack_trace_filter
buffer_size_kb printk_formats trace
buffer_total_size_kb README trace_clock
current_tracer saved_cmdlines trace_marker
dyn_ftrace_total_info saved_cmdlines_size trace_marker_raw
enabled_functions saved_tgids trace_options
eval_map set_event trace_pipe
events set_event_pid trace_stat
free_buffer set_ftrace_filter tracing_cpumask
function_profile_enabled set_ftrace_notrace tracing_max_latency
hwlat_detector set_ftrace_pid tracing_on
instances set_graph_function tracing_thresh
kprobe_events set_graph_notrace uprobe_events
kprobe_profile snapshot uprobe_profile

# exit
$ ls /sys/kernel/tracing/
ls: cannot open directory '/sys/kernel/tracing/': Permission denied

-- Steve
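
The check discussed in this thread, as an added example that is not part of either message or of the kernel tree: a shell function that reads a table in /proc/mounts format and reports, for each tracefs mount, whether `uprobe_events` can be opened by users outside the owner and group. It looks at classic mode bits only (no ACLs or LSM policy), and the function names and the optional root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit whether uprobe_events under each tracefs mount is
# readable by "other" users. Only classic mode bits are checked.

# last_digit MODE -> the "other" permission digit of an octal mode string
last_digit() {
    echo "${1#"${1%?}"}"
}

# audit_tracefs MOUNTS_FILE [ROOT_PREFIX]
#   MOUNTS_FILE : table in /proc/mounts format
#   ROOT_PREFIX : optional directory prepended to each mount point (testing)
# Prints one line per tracefs mount; returns 1 if any uprobe_events file is
# both reachable and readable by "other".
audit_tracefs() {
    mounts=$1
    prefix=${2:-}
    rc=0
    while read -r _dev dir fstype _rest; do
        [ "$fstype" = tracefs ] || continue
        dmode=$(stat -c '%a' "$prefix$dir" 2>/dev/null) || {
            echo "UNKNOWN $dir"; continue; }
        # A file we cannot stat is treated as mode 000 (not readable).
        fmode=$(stat -c '%a' "$prefix$dir/uprobe_events" 2>/dev/null) || fmode=000
        dother=$(last_digit "$dmode")
        fother=$(last_digit "$fmode")
        # Opening the file needs search (x=1) on the directory and
        # read (r=4) on the file itself.
        if [ $((dother & 1)) -ne 0 ] && [ $((fother & 4)) -ne 0 ]; then
            echo "EXPOSED $dir dir=$dmode uprobe_events=$fmode"
            rc=1
        else
            echo "OK $dir dir=$dmode uprobe_events=$fmode"
        fi
    done < "$mounts"
    return "$rc"
}
```

On a live system, call it as `audit_tracefs /proc/mounts`; a 0644 file behind a 0700 mount point is reported as OK, which is the situation the `ls` test above shows.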