Re: [PATCH] tracing: do not leak kernel addresses

From: Steven Rostedt
Date: Thu Jul 26 2018 - 18:16:05 EST


On Thu, 26 Jul 2018 09:52:11 -0700
Nick Desaulniers <ndesaulniers@xxxxxxxxxx> wrote:

> See the section "Kernel addresses" in
> Documentation/security/self-protection. IIRC, the issue is that a
> process may have CAP_SYSLOG but not necessarily CAP_SYS_ADMIN (so it
> can read dmesg, but not necessarily issue a sysctl to change
> kptr_restrict), get compromised and used to leak kernel addresses,
> which can then be used to defeat KASLR.

But the code doesn't go to dmesg. It's only available
via /sys/kernel/debug/tracing/printk_formats which is only available
via root. Nobody else has access to that directory.

-- Steve