From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stephen Hemminger Subject: Re: [PATCH 2/10] Fix leaking of kernel heap addresses in net/ Date: Thu, 11 Nov 2010 17:17:54 -0800 Message-ID: <20101111171754.0198e151@nehalam> References: <1289524019.5167.66.camel@dan> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: "David S. Miller" , Oliver Hartkopp , Alexey Kuznetsov , Urs Thuermann , Hideaki YOSHIFUJI , Patrick McHardy , James Morris , Remi Denis-Courmont , "Pekka Savola (ipv6)" , Sridhar Samudrala , Vlad Yasevich , Tejun Heo , Eric Dumazet , Li Zefan , Joe Perches , Jamal Hadi Salim , "Eric W. Biederman" , Alexey Dobriyan , Jiri Pirko , Johannes Berg , Daniel Lezcano , Pavel Emelyanov , socketcan-core@l To: Dan Rosenberg Return-path: Received: from mail.vyatta.com ([76.74.103.46]:52656 "EHLO mail.vyatta.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757366Ab0KLBR6 (ORCPT ); Thu, 11 Nov 2010 20:17:58 -0500 In-Reply-To: <1289524019.5167.66.camel@dan> Sender: netdev-owner@vger.kernel.org List-ID: On Thu, 11 Nov 2010 20:06:59 -0500 Dan Rosenberg wrote: > diff --git a/net/can/bcm.c b/net/can/bcm.c > index 08ffe9e..5960ad7 100644 > --- a/net/can/bcm.c > +++ b/net/can/bcm.c > @@ -165,9 +165,16 @@ static int bcm_proc_show(struct seq_file *m, void *v) > struct bcm_sock *bo = bcm_sk(sk); > struct bcm_op *op; > > - seq_printf(m, ">>> socket %p", sk->sk_socket); > - seq_printf(m, " / sk %p", sk); > - seq_printf(m, " / bo %p", bo); > + /* Only expose kernel addresses to privileged readers */ > + if (capable(CAP_NET_ADMIN)) > + seq_printf(m, ">>> socket %p", sk->sk_socket); > + seq_printf(m, " / sk %p", sk); > + seq_printf(m, " / bo %p", bo); > + else > + seq_printf(m, ">>> socket %lu", sock_i_ino(sk)); > + seq_printf(m, " / sk %d", 0); > + seq_printf(m, " / bo %d", 0); > + Printing different data based on security state seems like an ABI nightmare. --
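Review bot: in the bcm_proc_show() hunk of net/can/bcm.c, the `if (capable(CAP_NET_ADMIN))` branch and the `else` branch each contain three seq_printf() calls but no braces. Only the first call would belong to the `if`, and the `else` then has no `if` to attach to, so the code as posted does not compile. Wrap both branches in `{ ... }`. Two further points on the same lines: capable() is evaluated inside the seq_file show callback, so it tests the task performing the read rather than the one that opened the file, and the comment should say which is intended. The `socket` field also switches from a `%p` pointer to the `%lu` value of `sock_i_ino(sk)` depending on the reader, so a parser of this file sees one label with two meanings. Printing a single unprivileged-safe value for all readers would avoid that.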