On 10/31/2015 08:53 PM, Jessica Yu wrote:
> +++ Chris J Arges [30/10/15 22:44 -0500]:
>> The following directory structure will allow for cases when the same
>> function name exists in a single object.
>> /sys/kernel/livepatch/<patch>/<object>/<function@address>
>
> Hi Chris, thanks for the patch.
>
> I think the last time this issue was discussed, the conclusion was
> that concatenating the address to the function name constitutes as an
> information leak (as the sysfs entry is visible to non-root users).
>
> One option suggested by Josh in that thread would be to do something
> like "func.n", where n is just the nth occurrence of the symbol name.
> Another option might be to keep the func@addr format but not make these
> entries visible to non-root users.
>
> Jessica
>
Jessica,
Makes sense to me. Is there a reason why the sysfs entries are visible
to non-root users?
Otherwise, if there is a use-case for keeping the permissions the same,
then I'd be happy to to use the 'func.n' format for v2.
--chris
On Sat, 31 Oct 2015, Chris J Arges wrote:
> Makes sense to me. Is there a reason why the sysfs entries are visible
> to non-root users?
Well, kptr_restrict applies only to values printed using '%pK'. So if the
sysfs handler is using other printk() format string to print the pointer,
it'll be leaked out (and should eventually be fixed).
Thanks,
--
Jiri Kosina
SUSE Labs
+++ Jiri Kosina [01/11/15 10:07 +0100]:
>On Sat, 31 Oct 2015, Chris J Arges wrote:
>
>> Makes sense to me. Is there a reason why the sysfs entries are visible
>> to non-root users?
>
>Well, kptr_restrict applies only to values printed using '%pK'. So if the
>sysfs handler is using other printk() format string to print the pointer,
>it'll be leaked out (and should eventually be fixed).
Hm, I think the func.n solution might be a good temporary fix for now.
Even if we do go with func@addr and use the '%pK' format specifier we
will run into the same problem at kptr_restrict == 2.
Jessica