Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp4692843ybg; Tue, 29 Oct 2019 10:59:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqxU2XHe2DKXvZbIYtC6pvvUVuEF7PYZtW4lnIYksY+4lFIzu0zgPlLqcNxxPYQCe1JMteTa X-Received: by 2002:a50:875e:: with SMTP id 30mr27655289edv.45.1572371980221; Tue, 29 Oct 2019 10:59:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1572371980; cv=none; d=google.com; s=arc-20160816; b=KRGlQxXUiE8iNPU/xFWL+STI23EkE9ERDF+vjfzvTGqtFZUlfy0tk2c8jBm0cYsoNU ybbwV8omdpUcO09OHw7VfJ90P0r+yvOs2b/7Y7Rd1ZGnbp4JD+qRWSIR81LEurtLfl04 OPNf6fma/2A6XvSuVPeGhYgrDLH3l7zx4DQ9EcDumX019v64QcNz/KrK5D1FtWfOwrBK ruJFMLZ3EwKzpvQfhF7nx4utYnFTI9QcUf9dtdGMgpzoflB+L3pSOzq251A5f0xf0//I jH8LU0S0EIU30/OaRIQK1CExg52yTUTRBf5h217JsPJfC5ff64j0WIGV8sTZ7op4qkdo 5AYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=+3gqcrRIDAX+hOFuJlZTKa7U/EHCuPhrAIfvqnC2hnw=; b=mGmrNKvOBOpP2pC8RrDHI/5Yle9eo3XpnZtqO6L1Td0qU4JMjYPLFSvAYt1nQUXiav r+6qUowBJie7wdJZ277g/phNqdA3n9ExNKK8YhX+JPFihGsI5ecPCxq6j2m+TvEi+G2x Rb6Wji9SZyynjJAxHXrCc4RkSkYDRDfci1YPoL16IhTrfHqaWSa/Ibbj1GnidY5WkEkW dQGK9dYFBDrLvyRW1rdsGM8LRUvrHTVRtcTSxlUkC2mLDaIpkczyNhm+1pE+VBPMRn6D 4b7+kB1dkbO0OYh05FUsxztVjgqXySfdvJxqu6/XQq0zrka8gd3g+oqUT16tebmNoPeA b9sQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id jz12si8338628ejb.193.2019.10.29.10.59.16; Tue, 29 Oct 2019 10:59:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727987AbfJ2LFT (ORCPT + 99 others); Tue, 29 Oct 2019 07:05:19 -0400 Received: from trent.utfs.org ([94.185.90.103]:59884 "EHLO trent.utfs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725776AbfJ2LFT (ORCPT ); Tue, 29 Oct 2019 07:05:19 -0400 Received: from localhost (localhost [IPv6:::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by trent.utfs.org (Postfix) with ESMTPS id DB8076012D; Tue, 29 Oct 2019 12:05:16 +0100 (CET) Date: Tue, 29 Oct 2019 04:05:16 -0700 (PDT) From: Christian Kujau To: Kees Cook cc: Andrew Morton , zhanglin , dan.j.williams@intel.com, jgg@ziepe.ca, mingo@kernel.org, dave.hansen@linux.intel.com, namit@vmware.com, bp@suse.de, christophe.leroy@c-s.fr, rdunlap@infradead.org, osalvador@suse.de, richardw.yang@linux.intel.com, linux-kernel@vger.kernel.org, xue.zhihong@zte.com.cn, wang.yi59@zte.com.cn, jiang.xuexin@zte.com.cn Subject: Re: [PATCH] kernel: Restrict permissions of /proc/iomem. In-Reply-To: <201910281213.720C0DB89@keescook> Message-ID: References: <1571993801-12665-1-git-send-email-zhang.lin16@zte.com.cn> <20191025143220.cb15a90fe95a4ebdda70f89c@linux-foundation.org> <201910281213.720C0DB89@keescook> User-Agent: Alpine 2.21.99999 (DEB 352 2019-06-22) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 28 Oct 2019, Kees Cook wrote: > > It's risky to change things like this - heaven knows which userspace > > applications might break. > > > > Possibly we could obfuscate the information if that is considered > > desirable. Why is this a problem anyway? What are the possible > > exploit scenarios? > > This is already done: kptr_restrict sysctl already zeros these values > if it is set. e.g.: > > 00000000-00000000 : System RAM > 00000000-00000000 : Kernel code > 00000000-00000000 : Kernel data > 00000000-00000000 : Kernel bss > > > Can't the same info be obtained by running dmesg and looking at the > > startup info? > > Both virtual and physical address dumps in dmesg are considered "bad > form" these days and most have been removed. > > > Can't the user who is concerned about this run chmod 0400 /proc/iomem > > at boot? > > That is also possible. As a user, I still like this patch, or some variation of it. On various (server and desktop) systems I do this during boot for some time now and never had a problem: find /proc -xdev -mindepth 1 -maxdepth 1 ! \( -name "[0-9]*" \ -o -name cpuinfo -o -name modules -o -name loadavg -o -name meminfo \ -o -name mounts -o -name net -o -name self -o -name diskstats \ -o -name stat -o -name sys -o -name swaps -o -name thread-self \ -o -name vmstat -o -name uptime \) -exec chmod -c go-rwx '{}' + C. -- BOFH excuse #436: Daemon escaped from pentagram