From: "Tobin C. Harding" <me@tobin.cc>
To: Kaiwan N Billimoria <kaiwan@kaiwantech.com>
Cc: Kees Cook <keescook@chromium.org>,
kernel-hardening@lists.openwall.com,
LKML <linux-kernel@vger.kernel.org>,
Network Development <netdev@vger.kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Tycho Andersen <tycho@tycho.ws>
Subject: Re: [kernel-hardening] Re: [RFC 0/3] kallsyms: don't leak address when printing symbol
Date: Thu, 30 Nov 2017 10:58:34 +1100 [thread overview]
Message-ID: <20171129235834.GQ6217@eros> (raw)
In-Reply-To: <CAPDLWs8tJ5voge-gS-W+gxpRRk2GximPkGm1d9pxf5QNbCKufA@mail.gmail.com>
On Tue, Nov 28, 2017 at 08:58:44AM +0530, Kaiwan N Billimoria wrote:
> On Tue, Nov 28, 2017 at 7:20 AM, Tobin C. Harding <me@tobin.cc> wrote:
> >
> > Noob question: how do we _know_ this. In other words how do we know no
> > userland tools rely on the current behaviour? No stress to answer Kees,
> > this is a pretty general kernel dev question.
>
> Perhaps I'm reading this wrong, but anyway: besides ftrace, kprobes
> will require a
> symbol-to-address lookup. Specifically, in the function
> kprobe_lookup_name() which
> in turn invokes kallsyms_lookup_name().
We should be right for this call chain because the patch doesn't touch
kallsyms_lookup_name().
> AFAIK, SystemTap (userland) is built on top of the kprobes infrastructure..
This actually indirectly answers the concern. Since no userland tool
should be looking up a kernel address the only code we can break is
kernel code.
thanks,
Tobin
prev parent reply other threads:[~2017-11-29 23:58 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-27 22:30 [RFC 0/3] kallsyms: don't leak address when printing symbol Tobin C. Harding
2017-11-27 22:30 ` [RFC 1/3] kallsyms: don't leak address when symbol not found Tobin C. Harding
2017-11-30 0:16 ` Tobin C. Harding
2017-11-27 22:30 ` [RFC 2/3] vsprintf: print <no-symbol> if " Tobin C. Harding
2017-11-27 22:30 ` [RFC 3/3] trace: print address " Tobin C. Harding
2017-11-28 0:52 ` [RFC 0/3] kallsyms: don't leak address when printing symbol Kees Cook
2017-11-28 1:50 ` Tobin C. Harding
2017-11-28 3:28 ` [kernel-hardening] " Kaiwan N Billimoria
2017-11-29 23:58 ` Tobin C. Harding [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171129235834.GQ6217@eros \
--to=me@tobin.cc \
--cc=kaiwan@kaiwantech.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=tycho@tycho.ws \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).