From: "Tobin C. Harding" <me@tobin.cc>
To: Kaiwan N Billimoria <kaiwan@kaiwantech.com>
Cc: Kees Cook <keescook@chromium.org>,
kernel-hardening@lists.openwall.com,
LKML <linux-kernel@vger.kernel.org>,
Network Development <netdev@vger.kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Tycho Andersen <tycho@tycho.ws>
Subject: Re: [kernel-hardening] Re: [RFC 0/3] kallsyms: don't leak address when printing symbol
Date: Thu, 30 Nov 2017 10:58:34 +1100
Message-ID: <20171129235834.GQ6217@eros>
In-Reply-To: <CAPDLWs8tJ5voge-gS-W+gxpRRk2GximPkGm1d9pxf5QNbCKufA@mail.gmail.com>

On Tue, Nov 28, 2017 at 08:58:44AM +0530, Kaiwan N Billimoria wrote:
> On Tue, Nov 28, 2017 at 7:20 AM, Tobin C. Harding <me@tobin.cc> wrote:
> >
> > Noob question: how do we _know_ this. In other words how do we know no
> > userland tools rely on the current behaviour? No stress to answer Kees,
> > this is a pretty general kernel dev question.
>
> Perhaps I'm reading this wrong, but anyway: besides ftrace, kprobes
> will require a symbol-to-address lookup. Specifically, in the function
> kprobe_lookup_name() which in turn invokes kallsyms_lookup_name().

We should be right for this call chain because the patch doesn't touch
kallsyms_lookup_name().

> AFAIK, SystemTap (userland) is built on top of the kprobes infrastructure..

This actually indirectly answers the concern. Since no userland tool
should be looking up a kernel address the only code we can break is
kernel code.

thanks,
Tobin