[PATCH 1/2] use %pK for /proc/kallsyms and /proc/modules

From: Kees Cook
Date: Mon Jan 24 2011 - 21:05:16 EST

Next message: Kees Cook: "[PATCH 2/2] use %pK and %Klx for /proc/kallsyms and /proc/modules"
Previous message: Kees Cook: "RFC: introduce "K" flag for printf, similar to %pK"
In reply to: Kees Cook: "RFC: introduce "K" flag for printf, similar to %pK"
Next in thread: Kees Cook: "[PATCH 2/2] use %pK and %Klx for /proc/kallsyms and /proc/modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Instead of messing with permissions on these files, use %pK for kernel
addresses to reduce potential information leaks that might be used to
help target kernel privilege escalation exploits.

Note that this changes %x to %p, so some legitimately 0 values in
/proc/kallsyms will change from 00000000 to "(null)". Additionally, when
compiling with -Wformat, these harmless warnings are emitted:
warning: '0' flag used with â%pâ gnu_printf format

Signed-off-by: Kees Cook <kees.cook@xxxxxxxxxxxxx>
---
kernel/kallsyms.c | 4 ++--
kernel/module.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index 6f6d091..074b762 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -477,11 +477,11 @@ static int s_show(struct seq_file *m, void *p)
*/
type = iter->exported ? toupper(iter->type) :
tolower(iter->type);
- seq_printf(m, "%0*lx %c %s\t[%s]\n",
+ seq_printf(m, "%0*pK %c %s\t[%s]\n",
(int)(2 * sizeof(void *)),
iter->value, type, iter->name, iter->module_name);
} else
- seq_printf(m, "%0*lx %c %s\n",
+ seq_printf(m, "%0*pK %c %s\n",
(int)(2 * sizeof(void *)),
iter->value, iter->type, iter->name);
return 0;
diff --git a/kernel/module.c b/kernel/module.c
index 34e00b7..748465c 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1168,7 +1168,7 @@ static ssize_t module_sect_show(struct module_attribute *mattr,
{
struct module_sect_attr *sattr =
container_of(mattr, struct module_sect_attr, mattr);
- return sprintf(buf, "0x%lx\n", sattr->address);
+ return sprintf(buf, "0x%pK\n", sattr->address);
}

static void free_sect_attrs(struct module_sect_attrs *sect_attrs)
@@ -3224,7 +3224,7 @@ static int m_show(struct seq_file *m, void *p)
mod->state == MODULE_STATE_COMING ? "Loading":
"Live");
/* Used by oprofile and other similar tools. */
- seq_printf(m, " 0x%p", mod->module_core);
+ seq_printf(m, " 0x%pK", mod->module_core);

/* Taints info */
if (mod->taints)
--
1.7.2.3

--
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kees Cook: "[PATCH 2/2] use %pK and %Klx for /proc/kallsyms and /proc/modules"
Previous message: Kees Cook: "RFC: introduce "K" flag for printf, similar to %pK"
In reply to: Kees Cook: "RFC: introduce "K" flag for printf, similar to %pK"
Next in thread: Kees Cook: "[PATCH 2/2] use %pK and %Klx for /proc/kallsyms and /proc/modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]