From: Tom Li <tomli@tomli.me>
To: Chris Rankin <rankincj@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [BUG] What is "__ptrval__" in my dmesg logs? Bad "%p" expansion?
Date: Sun, 3 Feb 2019 22:35:44 +0800
Message-ID: <20190203143544.GA24267@localhost.localdomain>
In-Reply-To: <CAK2bqV+YhN7L=NYOMEkOvzRSa7-p51RnsRxR_=inNt+6OcsKvw@mail.gmail.com>

This is not a bug; rather, this is a security feature that fixes
the original behavior, which is now considered an infoleak
vulnerability.

Currently, the addresses of internal data structures are protected
by Kernel Address Space Layout Randomization (KASLR), which forces
attackers to bruteforce the location they need to overwrite and thus,
together with W^X mappings, increases the difficulty of exploiting
the kernel. However, showing values of raw pointers will reveal an
address of a known internal data structure, allowing an attacker to
calculate the location of critical data structures within the kernel,
therefore completely defeating the protection by ASLR. This is why
disallowing normal users from using "dmesg" used to be considered a
way to improve system security.

As a security measure, the value of "%p" is now hidden by default.

Happy Hacking,
Tom Li
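
Added example, not part of the original message or of the kernel source: a log audit that separates the three forms a pointer can take in dmesg output, so that lines still printing raw kernel addresses stand out. It assumes x86_64 with 4-level paging (kernel addresses have the top 17 bits set) and the 64-bit hashed "%p" format (upper 32 bits zero); the sample log lines and all function names are constructed for illustration.

```python
import re

# Constructed dmesg-style lines for illustration (not taken from the thread).
SAMPLE_LOG = """\
[    0.000000] example: probe at (____ptrval____)
[    1.234567] example: buffer at 00000000a1b2c3d4
[    2.345678] example: ops table at ffffffff81a00120
[    3.456789] example: slab object ffff888012345678 freed
"""

# Placeholder printed by "%p" before the hashing key is available
# ("(ptrval)" is the 32-bit spelling).
PLACEHOLDER = re.compile(r"\((?:____ptrval____|ptrval)\)")
# A 64-bit value printed as 16 lowercase hex digits, optional 0x prefix.
HEX64 = re.compile(r"\b(?:0x)?([0-9a-f]{16})\b")


def classify(line):
    """Return (token, kind) pairs for every pointer-like token in one line."""
    found = [(m.group(0), "placeholder") for m in PLACEHOLDER.finditer(line)]
    for m in HEX64.finditer(line):
        value = int(m.group(1), 16)
        if value >> 47 == 0x1FFFF:
            # Assumption: x86_64, 4-level paging. A canonical upper-half
            # address is a real kernel address, i.e. a KASLR infoleak.
            kind = "raw-kernel-address"
        elif value >> 32 == 0:
            # Hashed "%p" output keeps only 32 bits on 64-bit kernels.
            kind = "hashed"
        else:
            kind = "other"
        found.append((m.group(1), kind))
    return found


def raw_leaks(log):
    """Return (line, token) for every raw kernel address found in the log."""
    return [(line, tok)
            for line in log.splitlines()
            for tok, kind in classify(line)
            if kind == "raw-kernel-address"]


if __name__ == "__main__":
    for line, tok in raw_leaks(SAMPLE_LOG):
        print(f"raw kernel address {tok}: {line}")
```

The "hashed" class is a heuristic: any 16-digit value with zero upper 32 bits lands there, so treat it as "not a kernel address" rather than proof that the value came from "%p".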