Re: [PATCH] use %pK for /proc/kallsyms and /proc/modules

[Kees Cook]

On Wed, Jan 26, 2011 at 04:46:50PM -0800, Andrew Morton wrote:
> On Wed, 26 Jan 2011 16:29:36 -0800
> Kees Cook <kees.cook@xxxxxxxxxxxxx> wrote:
> 
> > > > Note that this changes %x to %p, so some legitimately 0 values in
> > > > /proc/kallsyms would have changed from 00000000 to "(null)". To avoid
> > > > this, "(null)" is not used when using the "K" format. Anything parsing
> > > > such addresses should have no problem with this change. (Thanks to Joe
> > > > Perches for the suggestion.)
> > > 
> > > OK, so what applications did this patch just break?
> > 
> > I'm not aware of any breakage as a result of this yet.
> 
> There will be some - there always are :( But users will only see
> problems if they've set kptr_restrict.

If something can parse "null", "00000001" through "99999999", and _not_
"00000000", I will happily giggle at them. :)

> 
> Which they shall do.  How come we defaulted kptr_restrict to "true"?

Because that's the correct value! :) Unprivileged userspace doesn't need to
see kernel addresses by default, that's for CAP_SYSLOG.

-Kees

-- 
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/