Date: Fri, 27 Jul 2018 08:07:13 -0400
From: Jordan Glover
To: Steven Rostedt
Cc: Nick Desaulniers, greg@kroah.com, Kees Cook, salyzyn@android.com, LKML, mingo@redhat.com, kernel-team@android.com, stable@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: Re: [PATCH] tracing: do not leak kernel addresses
Message-ID: <753E9YR1QhdsPhsFoYuXCwfUzfyntDrc_A93hMUkktMi7lbh3KUZMcbfqKVWUfi15zYhuiDFant-ROa4QNV5shx74ff4hGngq2BOJDv-hq4=@protonmail.ch>
In-Reply-To: <20180726181558.25a5c3b8@gandalf.local.home>
References: <20180725202238.165314-1-salyzyn@android.com> <20180725210717.3b807191@vmware.local.home> <11437c3e-5131-7190-c496-7b51eb7fcc2a@android.com> <20180726153153.GA8327@kroah.com> <20180726181558.25a5c3b8@gandalf.local.home>
List-ID: linux-kernel@vger.kernel.org

On July 27, 2018 12:15 AM, Steven Rostedt wrote:

> On Thu, 26 Jul 2018 09:52:11 -0700
> Nick Desaulniers <ndesaulniers@google.com> wrote:
>
> > See the section "Kernel addresses" in
> > Documentation/security/self-protection. IIRC, the issue is that a
> > process may have CAP_SYSLOG but not necessarily CAP_SYS_ADMIN (so it
> > can read dmesg, but not necessarily issue a sysctl to change
> > kptr_restrict), get compromised and used to leak kernel addresses,
> > which can then be used to defeat KASLR.
>
> But the code doesn't go to dmesg. It's only available
> via /sys/kernel/debug/tracing/printk_formats which is only available
> via root. Nobody else has access to that directory.
>
> -- Steve

I think the point was that when we take capabilities into account the
root privileges aren't unequivocal anymore. The 'root' owned process
with only 'CAP_SYSLOG' shouldn't have access to
/sys/kernel/debug/tracing/printk_formats

Jordan
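The distinction the thread turns on is that uid 0 and "has CAP_SYS_ADMIN" are no longer the same thing: a root-owned process can be left with only CAP_SYSLOG, which lets it read dmesg but not write the kptr_restrict sysctl. The following is an added example, not code from this thread or from the kernel tree: it decodes the CapEff mask that /proc/<pid>/status reports for a process, sorts the process into the three cases the participants discuss, and models which readers see %pK pointers under each kptr_restrict level using the semantics documented in Documentation/sysctl/kernel.txt. The capability numbers are those from include/uapi/linux/capability.h; the status excerpt and the process name are constructed for the example, and the helper names (parse_cap_mask, classify, pk_visible, audit) are this example's own.

```python
"""Added example (not from the thread): decode a process's effective
capability set and report whether it holds CAP_SYSLOG without
CAP_SYS_ADMIN, the split Nick and Jordan are pointing at."""
import re

# Capability numbers from include/uapi/linux/capability.h.
CAP_SYS_ADMIN = 21   # may write the kptr_restrict sysctl
CAP_SYSLOG = 34      # may read dmesg; sees %pK pointers when kptr_restrict=1

CAP_NAMES = {CAP_SYS_ADMIN: "CAP_SYS_ADMIN", CAP_SYSLOG: "CAP_SYSLOG"}

# Constructed /proc/<pid>/status excerpt (not captured from a real system):
# a uid-0 process whose effective set holds only CAP_SYSLOG (bit 34 -> 0x400000000).
SAMPLE_STATUS = """\
Name:\tlogreader
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t0000000400000000
CapEff:\t0000000400000000
CapBnd:\t0000003fffffffff
"""


def parse_cap_mask(hex_mask: str) -> set:
    """Turn the 64-bit hex mask used in /proc/<pid>/status into a set of capability numbers."""
    mask = int(hex_mask, 16)
    return {bit for bit in range(64) if mask & (1 << bit)}


def cap_eff_from_status(status_text: str) -> set:
    """Extract and decode the CapEff line from a /proc/<pid>/status dump."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line in status text")
    return parse_cap_mask(m.group(1))


def classify(caps: set) -> str:
    """Map an effective capability set onto the three cases discussed in the thread."""
    if CAP_SYS_ADMIN in caps:
        return "full-admin"     # can also change kptr_restrict via sysctl
    if CAP_SYSLOG in caps:
        return "syslog-only"    # can read dmesg, cannot change kptr_restrict
    return "unprivileged"


def pk_visible(caps: set, kptr_restrict: int) -> bool:
    """Whether %pK-formatted pointers are shown to a reader holding these caps.

    Semantics from Documentation/sysctl/kernel.txt: 0 = no restriction,
    1 = shown only to CAP_SYSLOG holders (the additional uid==euid check the
    kernel also applies is left out here), 2 = never shown.
    """
    if kptr_restrict <= 0:
        return True
    if kptr_restrict == 1:
        return CAP_SYSLOG in caps
    return False


def audit(status_text: str, kptr_restrict: int) -> dict:
    """Summarise one process: its privilege class, named caps, and %pK visibility."""
    caps = cap_eff_from_status(status_text)
    return {
        "class": classify(caps),
        "caps": sorted(CAP_NAMES.get(c, f"cap_{c}") for c in caps),
        "pK_visible": pk_visible(caps, kptr_restrict),
    }


if __name__ == "__main__":
    # On a live system, read /proc/<pid>/status and /proc/sys/kernel/kptr_restrict instead.
    for level in (0, 1, 2):
        print(f"kptr_restrict={level}:", audit(SAMPLE_STATUS, level))
```

Run against the constructed excerpt, the process classifies as "syslog-only": it is uid 0 yet cannot raise kptr_restrict, and under kptr_restrict=1 it still sees %pK pointers, which is why a CAP_SYSLOG-only process being compromised matters even though it is "root". Whether a particular debugfs file such as printk_formats is reachable by such a process is a separate question of the file's mode and the debugfs mount options, which this example does not model.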