• D
    kptr_restrict for hiding kernel pointers from unprivileged users · 455cd5ab
    Dan Rosenberg 提交于
    Add the %pK printk format specifier and the /proc/sys/kernel/kptr_restrict
    sysctl.
    
    The %pK format specifier is designed to hide exposed kernel pointers,
    specifically via /proc interfaces.  Exposing these pointers provides an
    easy target for kernel write vulnerabilities, since they reveal the
    locations of writable structures containing easily triggerable function
    pointers.  The behavior of %pK depends on the kptr_restrict sysctl.
    
    If kptr_restrict is set to 0, no deviation from the standard %p behavior
    occurs.  If kptr_restrict is set to 1, the default, if the current user
    (intended to be a reader via seq_printf(), etc.) does not have CAP_SYSLOG
    (currently in the LSM tree), kernel pointers using %pK are printed as 0's.
     If kptr_restrict is set to 2, kernel pointers using %pK are printed as
    0's regardless of privileges.  Replacing with 0's was chosen over the
    default "(null)", which cannot be parsed by userland %p, which expects
    "(nil)".
    
    [akpm@linux-foundation.org: check for IRQ context when !kptr_restrict, save an indent level, s/WARN/WARN_ONCE/]
    [akpm@linux-foundation.org: coding-style fixup]
    [randy.dunlap@oracle.com: fix kernel/sysctl.c warning]
    Signed-off-by: NDan Rosenberg <drosenberg@vsecurity.com>
    Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
    Cc: James Morris <jmorris@namei.org>
    Cc: Eric Dumazet <eric.dumazet@gmail.com>
    Cc: Thomas Graf <tgraf@infradead.org>
    Cc: Eugene Teo <eugeneteo@kernel.org>
    Cc: Kees Cook <kees.cook@canonical.com>
    Cc: Ingo Molnar <mingo@elte.hu>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Cc: Eric Paris <eparis@parisplace.org>
    Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
    455cd5ab
vsprintf.c 51.1 KB