Re: [PATCH] tracing: do not leak kernel addresses

From: Steven Rostedt
Date: Thu Jul 26 2018 - 18:16:05 EST

Next message: Stephen Rothwell: "Re: linux-next: build failure after merge of the block tree"
Previous message: Dominique Martinet: "Re: [PATCH] 9p: fix NULL pointer dereferences"
In reply to: Nick Desaulniers: "Re: [PATCH] tracing: do not leak kernel addresses"
Next in thread: Jordan Glover: "Re: [PATCH] tracing: do not leak kernel addresses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 26 Jul 2018 09:52:11 -0700
Nick Desaulniers <ndesaulniers@xxxxxxxxxx> wrote:

> See the section "Kernel addresses" in
> Documentation/security/self-protection. IIRC, the issue is that a
> process may have CAP_SYSLOG but not necessarily CAP_SYS_ADMIN (so it
> can read dmesg, but not necessarily issue a sysctl to change
> kptr_restrict), get compromised and used to leak kernel addresses,
> which can then be used to defeat KASLR.

But the code doesn't go to dmesg. It's only available
via /sys/kernel/debug/tracing/printk_formats which is only available
via root. Nobody else has access to that directory.

-- Steve

Next message: Stephen Rothwell: "Re: linux-next: build failure after merge of the block tree"
Previous message: Dominique Martinet: "Re: [PATCH] 9p: fix NULL pointer dereferences"
In reply to: Nick Desaulniers: "Re: [PATCH] tracing: do not leak kernel addresses"
Next in thread: Jordan Glover: "Re: [PATCH] tracing: do not leak kernel addresses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]