Re: [PATCH] kernel: Restrict permissions of /proc/iomem.
From: Kees Cook
Date: Mon Oct 28 2019 - 15:16:44 EST
On Fri, Oct 25, 2019 at 02:32:20PM -0700, Andrew Morton wrote:
> On Fri, 25 Oct 2019 16:56:41 +0800 zhanglin <zhang.lin16@xxxxxxxxxx> wrote:
>
> > The permissions of /proc/iomem currently are -r--r--r--. Everyone can
> > see its content. As iomem contains information about the physical memory
> > content of the device, restrict the information only to root.
> >
> > ...
> >
> > --- a/kernel/resource.c
> > +++ b/kernel/resource.c
> > @@ -139,7 +139,8 @@ static int __init ioresources_init(void)
> > {
> > proc_create_seq_data("ioports", 0, NULL, &resource_op,
> > &ioport_resource);
> > - proc_create_seq_data("iomem", 0, NULL, &resource_op, &iomem_resource);
> > + proc_create_seq_data("iomem", S_IRUSR, NULL, &resource_op,
> > + &iomem_resource);
> > return 0;
> > }
> > __initcall(ioresources_init);
>
> It's risky to change things like this - heaven knows which userspace
> applications might break.
>
> Possibly we could obfuscate the information if that is considered
> desirable. Why is this a problem anyway? What are the possible
> exploit scenarios?
This is already done: kptr_restrict sysctl already zeros these values
if it is set. e.g.:
00000000-00000000 : System RAM
00000000-00000000 : Kernel code
00000000-00000000 : Kernel data
00000000-00000000 : Kernel bss
> Can't the same info be obtained by running dmesg and looking at the
> startup info?
Both virtual and physical address dumps in dmesg are considered "bad
form" these days and most have been removed.
> Can't the user who is concerned about this run chmod 0400 /proc/iomem
> at boot?
That is also possible.
> Maybe Kees has an opinion?
I do! :) System owners should either set kptr_restrict (or the CONFIG),
or do a chmod.
--
Kees Cook