Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp823313imm;
        Fri, 27 Jul 2018 06:48:41 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpeGEixulWF/BvlBwPKDm2dtTt1cf8N4zlG4SxgHJD/gtrxD/K2T5MptW+62SCKrKya1W+6S
X-Received: by 2002:a17:902:8481:: with SMTP id c1-v6mr6088003plo.177.1532699321033;
        Fri, 27 Jul 2018 06:48:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1532699321; cv=none;
        d=google.com; s=arc-20160816;
        b=aaSTMQdS9yQLKU9fZvRkJ55W26lo/oOmnFCS33jiNWUEaTKUlbd1TTw/+Q6OJTs6Gq
         Dy7O+9D/LD6IIzoUcF/rgaXN3HPg2zWxJFXIU4ky7FvCwK0nx+AyD6fPGo4/zXU1EenE
         5djiQ4nnUvuWrCXCwWhTnjNeSbyLVpvQh3iNNQ4LMy6GyYrQlO0J4sQtjnfqyx0XsaJX
         bRIAYyldo+hm6MP+5SMHh9e0AhBcjk2+4tJaqfGRE1ZVUc7HQzvw6OLKhSt4jBrCetkW
         Uf3/ujk4BCIIAnkmChSCZXItSUlji+9thH3trZDrsNSIwEgHn/pRYk7nxRl4O/YXNMmj
         BZNQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:cc:to:from:date
         :arc-authentication-results;
        bh=uYbNqIKe9HdPtXiQneioWbAfsbW+h/o4LpU6RpcrVw0=;
        b=MKSzbjmGkNyV8DqbSbmLWQ5e3zV+T+liB6L6zfFijk/6yhK6N98pkPvocqFtoV2Jpw
         e9TwW6J4v1nGEOa/hWz6NLWAJQrdCsi2HQufSTP4o7eF+ZtldCgb7OpQAmq8eIIAdE4Q
         k5GfPUg/MaQYA0tQR61bRefZMfqvXrJoiOPkWuQe7ybi9YD2bs5C69wSuP4H0y4IJqG1
         YFTbzczUoVTbdLQZ0QWw5bGR8Te2S6AjKV2wJdOIgP7y5GpP4lzRHLXeW28rbKkd0y3r
         zfOxfvpMaWgYZYNXJKEIQ4zm/q2xTU7idxmwwR9UEwv7JpxCPqFRj2D5B8CifSVfSxOX
         cpeQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v32-v6si3695287plb.273.2018.07.27.06.48.26;
        Fri, 27 Jul 2018 06:48:41 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732097AbeG0PJe (ORCPT <rfc822;kernelgary@gmail.com>
        + 99 others); Fri, 27 Jul 2018 11:09:34 -0400
Received: from mail.kernel.org ([198.145.29.99]:49554 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1730475AbeG0PJd (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 27 Jul 2018 11:09:33 -0400
Received: from gandalf.local.home (cpe-66-24-56-78.stny.res.rr.com [66.24.56.78])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 1D234208AF;
        Fri, 27 Jul 2018 13:47:32 +0000 (UTC)
Date:   Fri, 27 Jul 2018 09:47:30 -0400
From:   Steven Rostedt <rostedt@goodmis.org>
To:     Jann Horn <jannh@google.com>
Cc:     Golden_Miller83@protonmail.ch,
        Nick Desaulniers <ndesaulniers@google.com>,
        Greg KH <greg@kroah.com>, Kees Cook <keescook@google.com>,
        salyzyn@android.com, kernel list <linux-kernel@vger.kernel.org>,
        Ingo Molnar <mingo@redhat.com>, kernel-team@android.com,
        stable@vger.kernel.org,
        Kernel Hardening <kernel-hardening@lists.openwall.com>
Subject: Re: [PATCH] tracing: do not leak kernel addresses
Message-ID: <20180727094730.3a448629@gandalf.local.home>
In-Reply-To: <CAG48ez1U=5nTOrnOqwMuXhdER-7XxJUYLcyYNuczwasQLQ0gXA@mail.gmail.com>
References: <20180725202238.165314-1-salyzyn@android.com>
        <20180725210717.3b807191@vmware.local.home>
        <11437c3e-5131-7190-c496-7b51eb7fcc2a@android.com>
        <20180726153153.GA8327@kroah.com>
        <CAKwvOdk9s+=kUwcPGQzZNxR7eOGAiiasAyWhZxgKom4_6h+oxA@mail.gmail.com>
        <20180726181558.25a5c3b8@gandalf.local.home>
        <753E9YR1QhdsPhsFoYuXCwfUzfyntDrc_A93hMUkktMi7lbh3KUZMcbfqKVWUfi15zYhuiDFant-ROa4QNV5shx74ff4hGngq2BOJDv-hq4=@protonmail.ch>
        <CAG48ez1U=5nTOrnOqwMuXhdER-7XxJUYLcyYNuczwasQLQ0gXA@mail.gmail.com>
X-Mailer: Claws Mail 3.16.0 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 27 Jul 2018 15:40:32 +0200
Jann Horn <jannh@google.com> wrote:

> > > But the code doesn't go to dmesg. It's only available
> > > via /sys/kernel/debug/tracing/printk_formats which is only available
> > > via root. Nobody else has access to that directory.
> > >
> > > -- Steve  
> >
> > I think the point was that when we take capabilities into account the root
> > privileges aren't unequivocal anymore. The 'root' owned process with only
> > 'CAP_SYSLOG' shouldn't have access to /sys/kernel/debug/tracing/printk_formats  
> 
> Then they shouldn't have access to debugfs at all, right?

That's what I'm thinking.

-- Steve