• D
    net: convert %p usage to %pK · 71338aa7
    Dan Rosenberg 提交于
    The %pK format specifier is designed to hide exposed kernel pointers,
    specifically via /proc interfaces.  Exposing these pointers provides an
    easy target for kernel write vulnerabilities, since they reveal the
    locations of writable structures containing easily triggerable function
    pointers.  The behavior of %pK depends on the kptr_restrict sysctl.
    
    If kptr_restrict is set to 0, no deviation from the standard %p behavior
    occurs.  If kptr_restrict is set to 1, the default, if the current user
    (intended to be a reader via seq_printf(), etc.) does not have CAP_SYSLOG
    (currently in the LSM tree), kernel pointers using %pK are printed as 0's.
     If kptr_restrict is set to 2, kernel pointers using %pK are printed as
    0's regardless of privileges.  Replacing with 0's was chosen over the
    default "(null)", which cannot be parsed by userland %p, which expects
    "(nil)".
    
    The supporting code for kptr_restrict and %pK are currently in the -mm
    tree.  This patch converts users of %p in net/ to %pK.  Cases of printing
    pointers to the syslog are not covered, since this would eliminate useful
    information for postmortem debugging and the reading of the syslog is
    already optionally protected by the dmesg_restrict sysctl.
    Signed-off-by: NDan Rosenberg <drosenberg@vsecurity.com>
    Cc: James Morris <jmorris@namei.org>
    Cc: Eric Dumazet <eric.dumazet@gmail.com>
    Cc: Thomas Graf <tgraf@infradead.org>
    Cc: Eugene Teo <eugeneteo@kernel.org>
    Cc: Kees Cook <kees.cook@canonical.com>
    Cc: Ingo Molnar <mingo@elte.hu>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Cc: Eric Paris <eparis@parisplace.org>
    Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    71338aa7
af_unix.c 54.6 KB