In article <[email protected]>, Maxime Villard <[email protected]> wrote: >Hi, >Here is a patch [1] that hides the addresses of the kernel modules when >'modstat -k' is entered by an unprivileged user. The current behavior is >preserved for root. > >The addresses currently leaked cannot be used to reconstruct the layout of >the kernel, since the module VAs are embedded in bootspace.boot, whose location >is independent from that of each of the remaining kernel segments. > >But it's still good not to leak such information, to limit the surface for ROP >and a few other things, and this, also in the non-kaslr case. Ok? > >[1] http://m00nbsd.net/garbage/module/modstat.diff
That looks fine (I presume root can still see them) christos
