From: "Tobin C. Harding" <me@tobin.cc>
To: Michael Ellerman <mpe@ellerman.id.au>
Cc: kernel-hardening@lists.openwall.com,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Theodore Ts'o <tytso@mit.edu>,
Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Tycho Andersen <tycho@docker.com>,
"Roberts, William C" <william.c.roberts@intel.com>,
Tejun Heo <tj@kernel.org>,
Jordan Glover <Golden_Miller83@protonmail.ch>,
Greg KH <gregkh@linuxfoundation.org>,
Petr Mladek <pmladek@suse.com>, Joe Perches <joe@perches.com>,
Ian Campbell <ijc@hellion.org.uk>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <wilal.deacon@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Chris Fries <cfries@google.com>,
Dave Weinstein <olorin@goo
Subject: Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl
Date: Thu, 9 Nov 2017 08:16:08 +1100 [thread overview]
Message-ID: <20171108211608.GC27823@eros> (raw)
In-Reply-To: <87k1z12cof.fsf@concordia.ellerman.id.au>
On Wed, Nov 08, 2017 at 11:10:56PM +1100, Michael Ellerman wrote:
> "Tobin C. Harding" <me@tobin.cc> writes:
> > Currently we are leaking addresses from the kernel to user space. This
> > script is an attempt to find some of those leakages. Script parses
> > `dmesg` output and /proc and /sys files for hex strings that look like
> > kernel addresses.
> >
> > Only works for 64 bit kernels, the reason being that kernel addresses
> > on 64 bit kernels have 'ffff' as the leading bit pattern making greping
> > possible.
>
> That doesn't work super well on other architectures :D
>
> I don't speak perl but presumably you can check the arch somehow and
> customise the regex?
I'm on it.
> ...
> > +# Return _all_ non false positive addresses from $line.
> > +sub extract_addresses
> > +{
> > + my ($line) = @_;
> > + my $address = '\b(0x)?ffff[[:xdigit:]]{12}\b';
>
> On 64-bit powerpc (ppc64/ppc64le) we'd want:
>
> + my $address = '\b(0x)?[89abcdef]00[[:xdigit:]]{13}\b';
This is great! Thanks a million. This gives me the idea of getting in
contact with people who have access to other [64 bit] architectures and
getting the address format. I guess a dump of kallsyms from each
architecture would do the job nicely.
> > +# Do not parse these files (absolute path).
> > +my @skip_parse_files_abs = ('/proc/kmsg',
> > + '/proc/kcore',
> > + '/proc/fs/ext4/sdb1/mb_groups',
> > + '/proc/1/fd/3',
> > + '/sys/kernel/debug/tracing/trace_pipe',
> > + '/sys/kernel/security/apparmor/revision');
>
> Can you add:
>
> /sys/firmware/devicetree
>
> and/or /proc/device-tree (which is a symlink to the above).
Can do, thanks.
> We should also start restricting access to that because it may have
> potentially interesting physical addresses in it, but that will break
> existing tools, so it will need to be opt-in and done over time.
Seems like this is going to be a recurring theme if we try to stop leaks
using file permissions. I'm interested in how we would do this, assuming
it has to be a case by case fix but done many times.
thanks,
Tobin.
next prev parent reply other threads:[~2017-11-08 21:16 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-07 10:32 [PATCH v4] scripts: add leaking_addresses.pl Tobin C. Harding
2017-11-07 10:50 ` Greg KH
2017-11-07 20:51 ` Tobin C. Harding
2017-11-07 13:56 ` David Laight
2017-11-07 20:58 ` Tobin C. Harding
2017-11-07 21:11 ` Linus Torvalds
2017-11-07 15:51 ` Petr Mladek
2017-11-07 20:39 ` Tobin C. Harding
2017-11-07 23:36 ` [kernel-hardening] " Laura Abbott
2017-11-08 0:59 ` Linus Torvalds
2017-11-08 20:39 ` Linus Torvalds
2017-11-09 4:43 ` Kaiwan N Billimoria
2017-11-09 4:54 ` Kaiwan N Billimoria
2017-11-09 18:11 ` Steven Rostedt
2017-11-10 3:03 ` Kaiwan N Billimoria
2017-11-08 1:13 ` Tobin C. Harding
2017-11-08 12:10 ` [kernel-hardening] " Michael Ellerman
2017-11-08 21:16 ` Tobin C. Harding [this message]
2017-11-08 22:48 ` Tobin C. Harding
2017-11-09 0:49 ` Michael Ellerman
2017-11-09 2:08 ` Tobin C. Harding
2017-11-10 22:12 ` [kernel-hardening] " Frank Rowand
2017-11-12 11:49 ` Michael Ellerman
2017-11-12 18:02 ` Frank Rowand
2017-11-12 21:18 ` Tobin C. Harding
2017-11-13 1:06 ` Michael Ellerman
2017-11-10 13:56 ` kaiwan.billimoria
2017-11-12 22:21 ` Tobin C. Harding
2017-11-13 5:46 ` kaiwan.billimoria
2017-11-13 6:08 ` Tobin C. Harding
2017-11-13 6:52 ` Kaiwan N Billimoria
2017-11-20 15:39 ` Petr Mladek
2017-11-19 23:56 ` Tobin C. Harding
2017-11-11 23:10 ` Kirill A. Shutemov
2017-11-12 23:06 ` Tobin C. Harding
2017-11-13 3:37 ` Kirill A. Shutemov
2017-11-13 4:35 ` Tobin C. Harding
2017-11-13 5:27 ` [kernel-hardening] " Kaiwan N Billimoria
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171108211608.GC27823@eros \
--to=me@tobin.cc \
--cc=Golden_Miller83@protonmail.ch \
--cc=Jason@zx2c4.com \
--cc=catalin.marinas@arm.com \
--cc=cfries@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=ijc@hellion.org.uk \
--cc=joe@perches.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=mpe@ellerman.id.au \
--cc=olorin@goo \
--cc=pbonzini@redhat.com \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sergey.senozhatsky@gmail.com \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tycho@docker.com \
--cc=tytso@mit.edu \
--cc=wilal.deacon@arm.com \
--cc=william.c.roberts@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).