Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Oct 2013 20:18:24 +1100
From: Ryan Mallon <rmallon@...il.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
CC: George Spelvin <linux@...izon.com>, joe@...ches.com, 
 akpm@...ux-foundation.org, dan.j.rosenberg@...il.com, 
 eldad@...refinery.com, jgunthorpe@...idianresearch.com, jkosina@...e.cz, 
 keescook@...omium.org, kernel-hardening@...ts.openwall.com, 
 linux-kernel@...r.kernel.org, viro@...iv.linux.org.uk, 
 rusty@...tcorp.com.au, Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

On 12/10/13 09:37, Eric W. Biederman wrote:

> Ryan Mallon <rmallon@...il.com> writes:
> 
>> The only remaining problem is kernel/module.c:module_sect_show() which
>> is used to write the sysfs files in /sys/module/<modname>/sections/.
>> Those files are actually are really good target for leaking %pK values
>> via setuid binaries. The problem is that the module_sect_show() function
>> isn't passed information about who opened the sysfs file. I don't think
>> this information is available in general for sysfs files either. Also,
>> I can't actually see how module_sect_show() gets called?
>>
>> I'm a bit stuck on how to solve this. Any ideas?
> 
> I haven't yet had a chance to review the patches but there are patches
> to make sysfs files seq files in Greg's driver core tree.


Hmm, I had a look at the driver-core tree, and although sysfs files
internally use the seq_file interface, the sysfs show/store handlers do
not get passed the struct seq_file, so doesn't appear possible to do the
checks there.

We could add a sysfs_ops->seq_show, but that feels clunky to have two
different interfaces for handling sysfs files. Converting the whole
tree to pass struct seq_file to the sysfs handlers would be painful :-/.

I assume the reason the /sys/module/<modname>/sections/* cannot be made
0400 is that some user-space tools are expecting those files to be
readable by unprivileged users?

~Ryan

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.