netdev.vger.kernel.org archive mirror
From: "Tobin C. Harding" <me@tobin.cc>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Tycho Andersen <tycho@tycho.ws>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Masahiro Yamada <yamada.masahiro@socionext.com>,
	"David S. Miller" <davem@davemloft.net>,
	Alexei Starovoitov <ast@kernel.org>,
	Network Development <netdev@vger.kernel.org>,
	linux-kernel@vger.kernel.org,
	kernel-hardening@lists.openwall.com
Subject: Re: [RFC 1/3] kallsyms: don't leak address when symbol not found
Date: Thu, 30 Nov 2017 11:16:19 +1100
Message-ID: <20171130001619.GR6217@eros>
In-Reply-To: <1511821819-5496-2-git-send-email-me@tobin.cc>

I reordered the To's and CC's, I hope this doesn't break
threading. (clearly I haven't grokked email yet :( )

On Tue, Nov 28, 2017 at 09:30:17AM +1100, Tobin C. Harding wrote:
> Currently if kallsyms_lookup() fails to find the symbol then the address
> is printed. This potentially leaks sensitive information. Instead of
> printing the address we can return an error, giving the calling code the
> option to print the address or print some sanitized message.
> 
> Return error instead of printing address to argument buffer. Leave
> buffer in a sane state.
> 
> Signed-off-by: Tobin C. Harding <me@tobin.cc>
> ---
>  kernel/kallsyms.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
> index 531ffa984bc2..4bfa4ee3ce93 100644
> --- a/kernel/kallsyms.c
> +++ b/kernel/kallsyms.c
> @@ -394,8 +394,10 @@ static int __sprint_symbol(char *buffer, unsigned long address,
>  
>  	address += symbol_offset;
>  	name = kallsyms_lookup(address, &size, &offset, &modname, buffer);
> -	if (!name)
> -		return sprintf(buffer, "0x%lx", address - symbol_offset);
> +	if (!name) {
> +		buffer[0] = '\0';
> +		return -1;
> +	}
>  
>  	if (name != buffer)
>  		strcpy(buffer, name);
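
Review bot: The new `if (!name)` branch returns -1, while the removed line returned the sprintf() character count, so the return value of __sprint_symbol() is no longer always a length. Any caller that adds the result to a buffer offset or passes it on as a byte count needs an explicit check for the negative case before this lands, and the function's comment should document the failure return and that the buffer is left as an empty string. A named errno (for example -ENOENT) would also read better than a bare -1 and lets callers distinguish "symbol not found" from other failures later.
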
> -- 
> 2.7.4
> 

Do you want a Suggested-by: tag for this patch, Steve? I mentioned you in
the cover letter but as far as going into the git history I'm not
entirely sure on the protocol for adding suggested-by. The kernel docs
say not to add it without authorization, so ...

thanks,
Tobin.
