From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ingo Molnar Subject: Re: [PATCH v3 1/7] kprobes: Make blacklist root user read only Date: Fri, 27 Apr 2018 09:04:12 +0200 Message-ID: <20180427070412.utb5e53zbnajcfv2@gmail.com> References: <152481117776.22588.1210388093668905564.stgit@devbox> <152481120919.22588.16126591608892708741.stgit@devbox> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <152481120919.22588.16126591608892708741.stgit@devbox> Sender: linux-kernel-owner@vger.kernel.org To: Masami Hiramatsu Cc: linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Ingo Molnar , "H . Peter Anvin" , x86@kernel.org, Ananth N Mavinakayanahalli , Anil S Keshavamurthy , "David S . Miller" , Jon Medhurst , Will Deacon , Arnd Bergmann , David Howells , Heiko Carstens , "Tobin C . Harding" , Linus Torvalds , Thomas Richter , akpm@linux-foundation.org, acme@kernel.org, rostedt@goodmis.org, brueckner@linux.vnet.ibm.com, schwidefsky@de.ibm.com, stable@vger.kernel.org List-Id: linux-arch.vger.kernel.org * Masami Hiramatsu wrote: > Since the blacklist file indicates a sensitive address > information to reader, it should be restricted to the > root user. > > Suggested-by: Thomas Richter > Signed-off-by: Masami Hiramatsu > --- > kernel/kprobes.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/kprobes.c b/kernel/kprobes.c > index ea619021d901..51096eece801 100644 > --- a/kernel/kprobes.c > +++ b/kernel/kprobes.c > @@ -2621,7 +2621,7 @@ static int __init debugfs_kprobe_init(void) > if (!file) > goto error; > > - file = debugfs_create_file("blacklist", 0444, dir, NULL, > + file = debugfs_create_file("blacklist", 0400, dir, NULL, > &debugfs_kprobe_blacklist_ops); > if (!file) > goto error; Note that in a typical Linux distro debugfs is already root-only: fomalhaut:~> ls -ld /sys/kernel/debug drwx------ 28 root root 0 Apr 23 08:55 /sys/kernel/debug but this change might make sense if debugfs is mounted in some other fashion. But the patch looks incomplete, 'blacklist' is not the only word-readable file in the kprobes hierarchy. The kprobes directory itself, and the 'list' file is readable as well: [root@fomalhaut ~]# ls -ld /sys/kernel/debug/kprobes drwxr-xr-x 2 root root 0 Apr 23 08:55 /sys/kernel/debug/kprobes [root@fomalhaut ~]# ls -l /sys/kernel/debug/kprobes/ -r--r--r-- 1 root root 0 Apr 23 08:55 blacklist -rw------- 1 root root 0 Apr 23 08:55 enabled -r--r--r-- 1 root root 0 Apr 23 08:55 list So not just the blacklist should be 400 but 'list' as well, and the main kprobes directory as well. Thanks, Ingo From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f65.google.com ([74.125.82.65]:38012 "EHLO mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757367AbeD0HEQ (ORCPT ); Fri, 27 Apr 2018 03:04:16 -0400 Date: Fri, 27 Apr 2018 09:04:12 +0200 From: Ingo Molnar Subject: Re: [PATCH v3 1/7] kprobes: Make blacklist root user read only Message-ID: <20180427070412.utb5e53zbnajcfv2@gmail.com> References: <152481117776.22588.1210388093668905564.stgit@devbox> <152481120919.22588.16126591608892708741.stgit@devbox> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <152481120919.22588.16126591608892708741.stgit@devbox> Sender: linux-arch-owner@vger.kernel.org List-ID: To: Masami Hiramatsu Cc: linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Ingo Molnar , "H . Peter Anvin" , x86@kernel.org, Ananth N Mavinakayanahalli , Anil S Keshavamurthy , "David S . Miller" , Jon Medhurst , Will Deacon , Arnd Bergmann , David Howells , Heiko Carstens , "Tobin C . Harding" , Linus Torvalds , Thomas Richter , akpm@linux-foundation.org, acme@kernel.org, rostedt@goodmis.org, brueckner@linux.vnet.ibm.com, schwidefsky@de.ibm.com, stable@vger.kernel.org Message-ID: <20180427070412.haFsejVg6IvHKku1x92xDtxO3SdLvpRcutDbto3uvYc@z> * Masami Hiramatsu wrote: > Since the blacklist file indicates a sensitive address > information to reader, it should be restricted to the > root user. > > Suggested-by: Thomas Richter > Signed-off-by: Masami Hiramatsu > --- > kernel/kprobes.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/kprobes.c b/kernel/kprobes.c > index ea619021d901..51096eece801 100644 > --- a/kernel/kprobes.c > +++ b/kernel/kprobes.c > @@ -2621,7 +2621,7 @@ static int __init debugfs_kprobe_init(void) > if (!file) > goto error; > > - file = debugfs_create_file("blacklist", 0444, dir, NULL, > + file = debugfs_create_file("blacklist", 0400, dir, NULL, > &debugfs_kprobe_blacklist_ops); > if (!file) > goto error; Note that in a typical Linux distro debugfs is already root-only: fomalhaut:~> ls -ld /sys/kernel/debug drwx------ 28 root root 0 Apr 23 08:55 /sys/kernel/debug but this change might make sense if debugfs is mounted in some other fashion. But the patch looks incomplete, 'blacklist' is not the only word-readable file in the kprobes hierarchy. The kprobes directory itself, and the 'list' file is readable as well: [root@fomalhaut ~]# ls -ld /sys/kernel/debug/kprobes drwxr-xr-x 2 root root 0 Apr 23 08:55 /sys/kernel/debug/kprobes [root@fomalhaut ~]# ls -l /sys/kernel/debug/kprobes/ -r--r--r-- 1 root root 0 Apr 23 08:55 blacklist -rw------- 1 root root 0 Apr 23 08:55 enabled -r--r--r-- 1 root root 0 Apr 23 08:55 list So not just the blacklist should be 400 but 'list' as well, and the main kprobes directory as well. Thanks, Ingo