From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from psmtp.com (na3sys010amx190.postini.com [74.125.245.190]) by kanga.kvack.org (Postfix) with SMTP id 8A08A6B005D for ; Wed, 3 Oct 2012 01:15:15 -0400 (EDT) Received: by iakh37 with SMTP id h37so1201567iak.14 for ; Tue, 02 Oct 2012 22:15:14 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <20121002234934.GA9194@www.outflux.net> Date: Tue, 2 Oct 2012 22:15:14 -0700 Message-ID: Subject: Re: [PATCH] mm: use %pK for /proc/vmallocinfo From: Kees Cook Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-linux-mm@kvack.org List-ID: To: David Rientjes Cc: linux-kernel@vger.kernel.org, Andrew Morton , Minchan Kim , Joe Perches , Kautuk Consul , linux-mm@kvack.org, Brad Spengler On Tue, Oct 2, 2012 at 10:12 PM, David Rientjes wrote: > On Tue, 2 Oct 2012, Kees Cook wrote: > >> In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel >> virtual addresses in /proc/vmallocinfo too. >> >> Reported-by: Brad Spengler >> Signed-off-by: Kees Cook > > /proc/vmallocinfo is S_IRUSR, not S_IRUGO, so exactly what are you trying > to protect? Trying to block the root user from seeing virtual memory addresses (mode 2 of kptr_restrict). Documentation/sysctl/kernel.txt: "This toggle indicates whether restrictions are placed on exposing kernel addresses via /proc and other interfaces. When kptr_restrict is set to (0), there are no restrictions. When kptr_restrict is set to (1), the default, kernel pointers printed using the %pK format specifier will be replaced with 0's unless the user has CAP_SYSLOG. When kptr_restrict is set to (2), kernel pointers printed using %pK will be replaced with 0's regardless of privileges." Even though it's S_IRUSR, it still needs %pK for the paranoid case. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org