Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 27 Jul 2018 14:31:41 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Nick Desaulniers <ndesaulniers@...gle.com>
Cc: Jann Horn <jannh@...gle.com>, Golden_Miller83@...tonmail.ch,
 greg@...ah.com, Kees Cook <keescook@...gle.com>, salyzyn@...roid.com, LKML
 <linux-kernel@...r.kernel.org>, mingo@...hat.com, kernel-team@...roid.com,
 stable@...r.kernel.org, kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH] tracing: do not leak kernel addresses

On Fri, 27 Jul 2018 11:13:51 -0700
Nick Desaulniers <ndesaulniers@...gle.com> wrote:

> I found the internal bug report (reported Jan '17, you'll have to
> forgive me if my memory of the issue is hazy, or if the fix used at
> the time wasn't perfect), which was reported against the Nexus 6.
> >From the report, it was possible to `cat  
> /sys/kernel/debug/tracing/printk_formats` without being root, which I
> can't do on my workstations much more modern kernel (Nexus 6 was
> 3.10).  So I guess the question is what governs access to files below
> /sys/kernel/debug, and why was it missing from those kernels?  I
> assume some check was added, but either not backported to 3.10 stable
> (or more likely not pulled in to Nexus 6's kernel through stable;
> Android is now in a much better place for that kind of issue).

As of commit 82aceae4f0d4 ("debugfs: more tightly restrict default
mount mode") /sys/kernel/debug has been default mounted as 0700 (root
only). But that was introduced in 3.7. Not sure why your 3.10 kernel
didn't have that. Perhaps there's another commit that fixed
permissions not being inherited?

-- Steve

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.