Re: [PATCH] use %pK for /proc/kallsyms and /proc/modules
From: Kees Cook
Date: Wed Jan 26 2011 - 20:30:43 EST
On Wed, Jan 26, 2011 at 04:46:50PM -0800, Andrew Morton wrote:
> On Wed, 26 Jan 2011 16:29:36 -0800
> Kees Cook <kees.cook@xxxxxxxxxxxxx> wrote:
> > > > Note that this changes %x to %p, so some legitimately 0 values in
> > > > /proc/kallsyms would have changed from 00000000 to "(null)". To avoid
> > > > this, "(null)" is not used when using the "K" format. Anything parsing
> > > > such addresses should have no problem with this change. (Thanks to Joe
> > > > Perches for the suggestion.)
> > >
> > > OK, so what applications did this patch just break?
> > I'm not aware of any breakage as a result of this yet.
> There will be some - there always are :( But users will only see
> problems if they've set kptr_restrict.
If something can parse "null", "00000001" through "99999999", and _not_
"00000000", I will happily giggle at them. :)
> Which they shall do. How come we defaulted kptr_restrict to "true"?
Because that's the correct value! :) Unprivileged userspace doesn't need to
see kernel addresses by default, that's for CAP_SYSLOG.
Ubuntu Security Team
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/