Re: modstat and kaslr

2017-12-31 Thread John Nemeth 
On Dec 31,  5:11pm, Maxime Villard wrote:
}
} Here is a patch [1] that hides the addresses of the kernel modules when
} 'modstat -k' is entered by an unprivileged user. The current behavior is
} preserved for root.
} 
} The addresses currently leaked cannot be used to reconstruct the layout of
} the kernel, since the module VAs are embedded in bootspace.boot, whose 
location
} is independent from that of each of the remaining kernel segments.
} 
} But it's still good not to leak such information, to limit the surface for ROP
} and a few other things, and this, also in the non-kaslr case. Ok?
} 
} [1] http://m00nbsd.net/garbage/module/modstat.diff

@@ -150,10 +159,13 @@
strlcpy(ms->ms_required, mi->mi_required,
sizeof(ms->ms_required));
}
-   if (mod->mod_kobj != NULL) {
+   if (mod->mod_kobj != NULL && stataddr) {
kobj_stat(mod->mod_kobj, , );
ms->ms_addr = addr;
ms->ms_size = size;
+   } else {
+   ms->ms_addr = 0;
+   ms->ms_size = 0;
}
ms->ms_class = mi->mi_class;
ms->ms_refcnt = -1;

 I don't see why you added the part where you set ms_addr and
ms_size to 0 given that the memory was kmem_zalloc'ed and thus we
know that it is already 0?

 Also, given the reason for preventing information leaks, I
would also make sure that the address isn't given out even for root
when secure_level has been elevated.

}-- End of excerpt from Maxime Villard

Re: modstat and kaslr

2017-12-31 Thread Christos Zoulas 
In article ,
Maxime Villard   wrote:
>Hi,
>Here is a patch [1] that hides the addresses of the kernel modules when
>'modstat -k' is entered by an unprivileged user. The current behavior is
>preserved for root.
>
>The addresses currently leaked cannot be used to reconstruct the layout of
>the kernel, since the module VAs are embedded in bootspace.boot, whose location
>is independent from that of each of the remaining kernel segments.
>
>But it's still good not to leak such information, to limit the surface for ROP
>and a few other things, and this, also in the non-kaslr case. Ok?
>
>[1] http://m00nbsd.net/garbage/module/modstat.diff

That looks fine (I presume root can still see them)

christos

modstat and kaslr

2017-12-31 Thread Maxime Villard 

Hi,
Here is a patch [1] that hides the addresses of the kernel modules when
'modstat -k' is entered by an unprivileged user. The current behavior is
preserved for root.

The addresses currently leaked cannot be used to reconstruct the layout of
the kernel, since the module VAs are embedded in bootspace.boot, whose location
is independent from that of each of the remaining kernel segments.

But it's still good not to leak such information, to limit the surface for ROP
and a few other things, and this, also in the non-kaslr case. Ok?

[1] http://m00nbsd.net/garbage/module/modstat.diff