Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Mon 2017-11-13 11:16:28, kaiwan.billimo...@gmail.com wrote: > On Mon, 2017-11-13 at 09:21 +1100, Tobin C. Harding wrote: > > On Fri, Nov 10, 2017 at 07:26:34PM +0530, kaiwan.billimo...@gmail.com > > > - it currently hard-codes a global 'PAGE_OFFSET_32BIT=0xc000' > > > , just > > > so I

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Mon 2017-11-13 11:16:28, kaiwan.billimo...@gmail.com wrote: > On Mon, 2017-11-13 at 09:21 +1100, Tobin C. Harding wrote: > > On Fri, Nov 10, 2017 at 07:26:34PM +0530, kaiwan.billimo...@gmail.com > > > - it currently hard-codes a global 'PAGE_OFFSET_32BIT=0xc000' > > > , just > > > so I

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Fri, Nov 10, 2017 at 07:26:34PM +0530, kaiwan.billimo...@gmail.com wrote: > On Tue, 2017-11-07 at 21:32 +1100, Tobin C. Harding wrote: [snip] > Finally, unsure if am working against the latest ver of your script Tobin, > apologies if not. The latest version of leaking_addresses.pl is now in

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Fri, Nov 10, 2017 at 07:26:34PM +0530, kaiwan.billimo...@gmail.com wrote: > On Tue, 2017-11-07 at 21:32 +1100, Tobin C. Harding wrote: [snip] > Finally, unsure if am working against the latest ver of your script Tobin, > apologies if not. The latest version of leaking_addresses.pl is now in

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Mon, Nov 13, 2017 at 11:38 AM, Tobin C. Harding wrote: > On Mon, Nov 13, 2017 at 11:16:28AM +0530, kaiwan.billimo...@gmail.com wrote: >> On Mon, 2017-11-13 at 09:21 +1100, Tobin C. Harding wrote: >> > On Fri, Nov 10, 2017 at 07:26:34PM +0530, kaiwan.billimo...@gmail.com >> >

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Mon, Nov 13, 2017 at 11:38 AM, Tobin C. Harding wrote: > On Mon, Nov 13, 2017 at 11:16:28AM +0530, kaiwan.billimo...@gmail.com wrote: >> On Mon, 2017-11-13 at 09:21 +1100, Tobin C. Harding wrote: >> > On Fri, Nov 10, 2017 at 07:26:34PM +0530, kaiwan.billimo...@gmail.com >> > wrote: >> > > On

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Mon, Nov 13, 2017 at 11:16:28AM +0530, kaiwan.billimo...@gmail.com wrote: > On Mon, 2017-11-13 at 09:21 +1100, Tobin C. Harding wrote: > > On Fri, Nov 10, 2017 at 07:26:34PM +0530, kaiwan.billimo...@gmail.com > > wrote: > > > On Tue, 2017-11-07 at 21:32 +1100, Tobin C. Harding wrote: > > > >

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Mon, Nov 13, 2017 at 11:16:28AM +0530, kaiwan.billimo...@gmail.com wrote: > On Mon, 2017-11-13 at 09:21 +1100, Tobin C. Harding wrote: > > On Fri, Nov 10, 2017 at 07:26:34PM +0530, kaiwan.billimo...@gmail.com > > wrote: > > > On Tue, 2017-11-07 at 21:32 +1100, Tobin C. Harding wrote: > > > >

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Mon, 2017-11-13 at 09:21 +1100, Tobin C. Harding wrote: > On Fri, Nov 10, 2017 at 07:26:34PM +0530, kaiwan.billimo...@gmail.com > wrote: > > On Tue, 2017-11-07 at 21:32 +1100, Tobin C. Harding wrote: > > > Currently we are leaking addresses from the kernel to user space. > > > This > > >

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Mon, 2017-11-13 at 09:21 +1100, Tobin C. Harding wrote: > On Fri, Nov 10, 2017 at 07:26:34PM +0530, kaiwan.billimo...@gmail.com > wrote: > > On Tue, 2017-11-07 at 21:32 +1100, Tobin C. Harding wrote: > > > Currently we are leaking addresses from the kernel to user space. > > > This > > >

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

Frank Rowand writes: > Hi Michael, > > On 11/12/17 03:49, Michael Ellerman wrote: ... >> >> On our bare metal machines the device tree comes from skiboot >> (firmware), with some of the content provided by hostboot (other >> firmware), both of which are open source, so in

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

Frank Rowand writes: > Hi Michael, > > On 11/12/17 03:49, Michael Ellerman wrote: ... >> >> On our bare metal machines the device tree comes from skiboot >> (firmware), with some of the content provided by hostboot (other >> firmware), both of which are open source, so in theory most of the >>

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Fri, Nov 10, 2017 at 07:26:34PM +0530, kaiwan.billimo...@gmail.com wrote: > On Tue, 2017-11-07 at 21:32 +1100, Tobin C. Harding wrote: > > Currently we are leaking addresses from the kernel to user space. > > This > > script is an attempt to find some of those leakages. Script parses > >

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Fri, Nov 10, 2017 at 07:26:34PM +0530, kaiwan.billimo...@gmail.com wrote: > On Tue, 2017-11-07 at 21:32 +1100, Tobin C. Harding wrote: > > Currently we are leaking addresses from the kernel to user space. > > This > > script is an attempt to find some of those leakages. Script parses > >

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Sun, Nov 12, 2017 at 10:02:55AM -0800, Frank Rowand wrote: > Hi Michael, > > On 11/12/17 03:49, Michael Ellerman wrote: > > Hi Frank, > > > > Frank Rowand writes: > >> Hi Michael, Tobin, > >> > >> On 11/08/17 04:10, Michael Ellerman wrote: > >>> "Tobin C. Harding"

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Sun, Nov 12, 2017 at 10:02:55AM -0800, Frank Rowand wrote: > Hi Michael, > > On 11/12/17 03:49, Michael Ellerman wrote: > > Hi Frank, > > > > Frank Rowand writes: > >> Hi Michael, Tobin, > >> > >> On 11/08/17 04:10, Michael Ellerman wrote: > >>> "Tobin C. Harding" writes: > Currently

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

Hi Michael, On 11/12/17 03:49, Michael Ellerman wrote: > Hi Frank, > > Frank Rowand writes: >> Hi Michael, Tobin, >> >> On 11/08/17 04:10, Michael Ellerman wrote: >>> "Tobin C. Harding" writes: Currently we are leaking addresses from the kernel to

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

Hi Michael, On 11/12/17 03:49, Michael Ellerman wrote: > Hi Frank, > > Frank Rowand writes: >> Hi Michael, Tobin, >> >> On 11/08/17 04:10, Michael Ellerman wrote: >>> "Tobin C. Harding" writes: Currently we are leaking addresses from the kernel to user space. This script is an

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

Hi Frank, Frank Rowand writes: > Hi Michael, Tobin, > > On 11/08/17 04:10, Michael Ellerman wrote: >> "Tobin C. Harding" writes: >>> Currently we are leaking addresses from the kernel to user space. This >>> script is an attempt to find some of those

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

Hi Frank, Frank Rowand writes: > Hi Michael, Tobin, > > On 11/08/17 04:10, Michael Ellerman wrote: >> "Tobin C. Harding" writes: >>> Currently we are leaking addresses from the kernel to user space. This >>> script is an attempt to find some of those leakages. Script parses >>> `dmesg` output

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

Hi Michael, Tobin, On 11/08/17 04:10, Michael Ellerman wrote: > "Tobin C. Harding" writes: >> Currently we are leaking addresses from the kernel to user space. This >> script is an attempt to find some of those leakages. Script parses >> `dmesg` output and /proc and /sys files for

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

Hi Michael, Tobin, On 11/08/17 04:10, Michael Ellerman wrote: > "Tobin C. Harding" writes: >> Currently we are leaking addresses from the kernel to user space. This >> script is an attempt to find some of those leakages. Script parses >> `dmesg` output and /proc and /sys files for hex strings

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Tue, 2017-11-07 at 21:32 +1100, Tobin C. Harding wrote: > Currently we are leaking addresses from the kernel to user space. > This > script is an attempt to find some of those leakages. Script parses > `dmesg` output and /proc and /sys files for hex strings that look > like > kernel addresses.

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Tue, 2017-11-07 at 21:32 +1100, Tobin C. Harding wrote: > Currently we are leaking addresses from the kernel to user space. > This > script is an attempt to find some of those leakages. Script parses > `dmesg` output and /proc and /sys files for hex strings that look > like > kernel addresses.

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

> > Yes, profiling and tracing are similar. And you need to be root to run > the recording anyway. Thus, as long as root user can read kallsyms, > trace-cmd should be fine. As trace-cmd requires root access to do any > ftrace tracing. > > -- Steve Got it, thanks..

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

> > Yes, profiling and tracing are similar. And you need to be root to run > the recording anyway. Thus, as long as root user can read kallsyms, > trace-cmd should be fine. As trace-cmd requires root access to do any > ftrace tracing. > > -- Steve Got it, thanks..

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Thu, 9 Nov 2017 10:24:32 +0530 Kaiwan N Billimoria wrote: > On Thu, Nov 9, 2017 at 10:13 AM, Kaiwan N Billimoria > wrote: > >> But I don't know if there is anything else than the profiling code > >> that _really_ wants access to

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Thu, 9 Nov 2017 10:24:32 +0530 Kaiwan N Billimoria wrote: > On Thu, Nov 9, 2017 at 10:13 AM, Kaiwan N Billimoria > wrote: > >> But I don't know if there is anything else than the profiling code > >> that _really_ wants access to /proc/kallsyms in user space as a > >> regular user. > > >

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Thu, Nov 9, 2017 at 10:13 AM, Kaiwan N Billimoria wrote: >> But I don't know if there is anything else than the profiling code >> that _really_ wants access to /proc/kallsyms in user space as a >> regular user. > Front-ends to ftrace, like trace-cmd? [from the

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Thu, Nov 9, 2017 at 10:13 AM, Kaiwan N Billimoria wrote: >> But I don't know if there is anything else than the profiling code >> that _really_ wants access to /proc/kallsyms in user space as a >> regular user. > Front-ends to ftrace, like trace-cmd? [from the trace-cmd git repo (Steve

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

> But I don't know if there is anything else than the profiling code > that _really_ wants access to /proc/kallsyms in user space as a > regular user. Am unsure about this, but kprobes? (/jprobes/kretprobes), and by extension, wrappers over this infra (like SystemTap)? I (hazily) recollect a

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

> But I don't know if there is anything else than the profiling code > that _really_ wants access to /proc/kallsyms in user space as a > regular user. Am unsure about this, but kprobes? (/jprobes/kretprobes), and by extension, wrappers over this infra (like SystemTap)? I (hazily) recollect a

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Thu, Nov 09, 2017 at 11:49:52AM +1100, Michael Ellerman wrote: > "Tobin C. Harding" writes: > > > On Wed, Nov 08, 2017 at 11:10:56PM +1100, Michael Ellerman wrote: > >> "Tobin C. Harding" writes: > > [snip] > > > > Hi Michael, > > > > I'm working an adding

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Thu, Nov 09, 2017 at 11:49:52AM +1100, Michael Ellerman wrote: > "Tobin C. Harding" writes: > > > On Wed, Nov 08, 2017 at 11:10:56PM +1100, Michael Ellerman wrote: > >> "Tobin C. Harding" writes: > > [snip] > > > > Hi Michael, > > > > I'm working an adding support for ppc64 to

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

"Tobin C. Harding" writes: > On Wed, Nov 08, 2017 at 11:10:56PM +1100, Michael Ellerman wrote: >> "Tobin C. Harding" writes: > [snip] > > Hi Michael, > > I'm working an adding support for ppc64 to leaking_addresses.pl, I've > added the kernel address regular

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

"Tobin C. Harding" writes: > On Wed, Nov 08, 2017 at 11:10:56PM +1100, Michael Ellerman wrote: >> "Tobin C. Harding" writes: > [snip] > > Hi Michael, > > I'm working an adding support for ppc64 to leaking_addresses.pl, I've > added the kernel address regular expression that you suggested.

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Wed, Nov 08, 2017 at 11:10:56PM +1100, Michael Ellerman wrote: > "Tobin C. Harding" writes: [snip] Hi Michael, I'm working an adding support for ppc64 to leaking_addresses.pl, I've added the kernel address regular expression that you suggested. I'd like to add the false

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Wed, Nov 08, 2017 at 11:10:56PM +1100, Michael Ellerman wrote: > "Tobin C. Harding" writes: [snip] Hi Michael, I'm working an adding support for ppc64 to leaking_addresses.pl, I've added the kernel address regular expression that you suggested. I'd like to add the false positive for vsyscall

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Wed, Nov 08, 2017 at 11:10:56PM +1100, Michael Ellerman wrote: > "Tobin C. Harding" writes: > > Currently we are leaking addresses from the kernel to user space. This > > script is an attempt to find some of those leakages. Script parses > > `dmesg` output and /proc and /sys

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Wed, Nov 08, 2017 at 11:10:56PM +1100, Michael Ellerman wrote: > "Tobin C. Harding" writes: > > Currently we are leaking addresses from the kernel to user space. This > > script is an attempt to find some of those leakages. Script parses > > `dmesg` output and /proc and /sys files for hex

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Tue, Nov 7, 2017 at 4:59 PM, Linus Torvalds wrote: > > For example, maybe /proc/kallsyms could just default to not showing > values to non-root users. > > Something like the attached TOTALLY UNTESTED patch. It's meant more as > an RFC, not for application, but

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Tue, Nov 7, 2017 at 4:59 PM, Linus Torvalds wrote: > > For example, maybe /proc/kallsyms could just default to not showing > values to non-root users. > > Something like the attached TOTALLY UNTESTED patch. It's meant more as > an RFC, not for application, but it's also meant to show how we

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

"Tobin C. Harding" writes: > Currently we are leaking addresses from the kernel to user space. This > script is an attempt to find some of those leakages. Script parses > `dmesg` output and /proc and /sys files for hex strings that look like > kernel addresses. > > Only works for

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

"Tobin C. Harding" writes: > Currently we are leaking addresses from the kernel to user space. This > script is an attempt to find some of those leakages. Script parses > `dmesg` output and /proc and /sys files for hex strings that look like > kernel addresses. > > Only works for 64 bit kernels,

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Tue, Nov 07, 2017 at 03:36:06PM -0800, Laura Abbott wrote: > On 11/07/2017 02:32 AM, Tobin C. Harding wrote: > >Currently we are leaking addresses from the kernel to user space. This > >script is an attempt to find some of those leakages. Script parses > >`dmesg` output and /proc and /sys files

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Tue, Nov 07, 2017 at 03:36:06PM -0800, Laura Abbott wrote: > On 11/07/2017 02:32 AM, Tobin C. Harding wrote: > >Currently we are leaking addresses from the kernel to user space. This > >script is an attempt to find some of those leakages. Script parses > >`dmesg` output and /proc and /sys files

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Tue, Nov 7, 2017 at 3:36 PM, Laura Abbott wrote: > > I'd probably put /proc/kallsyms and /proc/modules on the omit list > since those are designed to leak addresses to userspace. Well, they are indeed designed to leak addresses, but not a lot of people should care. So I

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On Tue, Nov 7, 2017 at 3:36 PM, Laura Abbott wrote: > > I'd probably put /proc/kallsyms and /proc/modules on the omit list > since those are designed to leak addresses to userspace. Well, they are indeed designed to leak addresses, but not a lot of people should care. So I think we could

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On 11/07/2017 02:32 AM, Tobin C. Harding wrote: Currently we are leaking addresses from the kernel to user space. This script is an attempt to find some of those leakages. Script parses `dmesg` output and /proc and /sys files for hex strings that look like kernel addresses. Only works for 64

Re: [kernel-hardening] [PATCH v4] scripts: add leaking_addresses.pl

On 11/07/2017 02:32 AM, Tobin C. Harding wrote: Currently we are leaking addresses from the kernel to user space. This script is an attempt to find some of those leakages. Script parses `dmesg` output and /proc and /sys files for hex strings that look like kernel addresses. Only works for 64