Re: [BUG] What is "ptrval" in my dmesg logs? Bad "%p" expansion?

From: Tom Li
Date: Sun Feb 03 2019 - 09:36:27 EST

Next message: Dmitry Osipenko: "Re: [PATCH V9 3/5] i2c: tegra: Add DMA support"
Previous message: Ben Hutchings: "[PATCH 3.16 042/305] crypto: lrw - Fix out-of bounds access on counter overflow"
In reply to: Chris Rankin: "[BUG] What is "__ptrval__" in my dmesg logs? Bad "%p" expansion?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is not a bug, rather, this is a security feature that fixes
the original behavior, which is now considered an infoleak vul-
nerability.

Currently, the address of internal data structures are protected
by Kernel Address Space Layout Randomization (KASLR), it forces
attackers to bruteforce the location they need to overwrite, thus
together with W^X mappings, increases the difficulty of exploiting
the kernel. However, showing values of raw pointers will reveal an
address of a known internal data structure, allowing an attacker to
calculate the location of critical data structure within the kernel,
therefore completely defeating the protection by ASLR. This is why
disallowing normal users to "dmesg" used to considered a way to
improve system security.

As a security measure, the value of "%p" is now hidden by default.

Happy Hacking,
Tom Li

Next message: Dmitry Osipenko: "Re: [PATCH V9 3/5] i2c: tegra: Add DMA support"
Previous message: Ben Hutchings: "[PATCH 3.16 042/305] crypto: lrw - Fix out-of bounds access on counter overflow"
In reply to: Chris Rankin: "[BUG] What is "__ptrval__" in my dmesg logs? Bad "%p" expansion?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Re: [BUG] What is "__ptrval__" in my dmesg logs? Bad "%p" expansion?

Re: [BUG] What is "ptrval" in my dmesg logs? Bad "%p" expansion?