Re: [PATCH] use %pK for /proc/kallsyms and /proc/modules

From: Andrew Morton
Date: Wed Jan 26 2011 - 18:58:10 EST

Next message: Mike Waychison: "Re: [PATCH v1 3/6] driver: Google EFI SMI"
Previous message: Andrew Morton: "Re: [PATCH] msm: smd: Add smd_pkt driver"
In reply to: Kees Cook: "[PATCH] use %pK for /proc/kallsyms and /proc/modules"
Next in thread: Kees Cook: "Re: [PATCH] use %pK for /proc/kallsyms and /proc/modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 25 Jan 2011 10:10:58 -0800
Kees Cook <kees.cook@xxxxxxxxxxxxx> wrote:

> Instead of messing with permissions on these files,

This implies that the patch alters permission handling, only it
doesn't. But I worked it out!

> use %pK for kernel
> addresses to reduce potential information leaks that might be used to
> help target kernel privilege escalation exploits.
>
> Note that this changes %x to %p, so some legitimately 0 values in
> /proc/kallsyms would have changed from 00000000 to "(null)". To avoid
> this, "(null)" is not used when using the "K" format. Anything parsing
> such addresses should have no problem with this change. (Thanks to Joe
> Perches for the suggestion.)
>
> Note that when compiling with -Wformat, these harmless warnings will
> be emitted, and can be ignored:
> warning: '0' flag used with ___%p___ gnu_printf format

OK, so what applications did this patch just break?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mike Waychison: "Re: [PATCH v1 3/6] driver: Google EFI SMI"
Previous message: Andrew Morton: "Re: [PATCH] msm: smd: Add smd_pkt driver"
In reply to: Kees Cook: "[PATCH] use %pK for /proc/kallsyms and /proc/modules"
Next in thread: Kees Cook: "Re: [PATCH] use %pK for /proc/kallsyms and /proc/modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]