Re: modstat and kaslr
On Dec 31, 5:11pm, Maxime Villard wrote: } } Here is a patch [1] that hides the addresses of the kernel modules when } 'modstat -k' is entered by an unprivileged user. The current behavior is } preserved for root. } } The addresses currently leaked cannot be used to reconstruct the layout of } the kernel, since the module VAs are embedded in bootspace.boot, whose location } is independent from that of each of the remaining kernel segments. } } But it's still good not to leak such information, to limit the surface for ROP } and a few other things, and this, also in the non-kaslr case. Ok? } } [1] http://m00nbsd.net/garbage/module/modstat.diff @@ -150,10 +159,13 @@ strlcpy(ms->ms_required, mi->mi_required, sizeof(ms->ms_required)); } - if (mod->mod_kobj != NULL) { + if (mod->mod_kobj != NULL && stataddr) { kobj_stat(mod->mod_kobj, , ); ms->ms_addr = addr; ms->ms_size = size; + } else { + ms->ms_addr = 0; + ms->ms_size = 0; } ms->ms_class = mi->mi_class; ms->ms_refcnt = -1; I don't see why you added the part where you set ms_addr and ms_size to 0 given that the memory was kmem_zalloc'ed and thus we know that it is already 0? Also, given the reason for preventing information leaks, I would also make sure that the address isn't given out even for root when secure_level has been elevated. }-- End of excerpt from Maxime Villard
Re: modstat and kaslr
In article, Maxime Villard wrote: >Hi, >Here is a patch [1] that hides the addresses of the kernel modules when >'modstat -k' is entered by an unprivileged user. The current behavior is >preserved for root. > >The addresses currently leaked cannot be used to reconstruct the layout of >the kernel, since the module VAs are embedded in bootspace.boot, whose location >is independent from that of each of the remaining kernel segments. > >But it's still good not to leak such information, to limit the surface for ROP >and a few other things, and this, also in the non-kaslr case. Ok? > >[1] http://m00nbsd.net/garbage/module/modstat.diff That looks fine (I presume root can still see them) christos
modstat and kaslr
Hi, Here is a patch [1] that hides the addresses of the kernel modules when 'modstat -k' is entered by an unprivileged user. The current behavior is preserved for root. The addresses currently leaked cannot be used to reconstruct the layout of the kernel, since the module VAs are embedded in bootspace.boot, whose location is independent from that of each of the remaining kernel segments. But it's still good not to leak such information, to limit the surface for ROP and a few other things, and this, also in the non-kaslr case. Ok? [1] http://m00nbsd.net/garbage/module/modstat.diff