On Dec 31, 5:11pm, Maxime Villard wrote:
}
} Here is a patch [1] that hides the addresses of the kernel modules when
} 'modstat -k' is entered by an unprivileged user. The current behavior is
} preserved for root.
}
} The addresses currently leaked cannot be used to reconstruct the layout of
} the kernel, since the module VAs are embedded in bootspace.boot, whose location
} is independent from that of each of the remaining kernel segments.
}
} But it's still good not to leak such information, to limit the surface for ROP
} and a few other things, and this, also in the non-kaslr case. Ok?
}
} [1] http://m00nbsd.net/garbage/module/modstat.diff
@@ -150,10 +159,13 @@ strlcpy(ms->ms_required, mi->mi_required, sizeof(ms->ms_required)); } - if (mod->mod_kobj != NULL) { + if (mod->mod_kobj != NULL && stataddr) { kobj_stat(mod->mod_kobj, &addr, &size); ms->ms_addr = addr; ms->ms_size = size; + } else { + ms->ms_addr = 0; + ms->ms_size = 0; } ms->ms_class = mi->mi_class; ms->ms_refcnt = -1;

I don't see why you added the part where you set ms_addr and ms_size to 0 given that the memory was kmem_zalloc'ed and thus we know that it is already 0? Also, given the reason for preventing information leaks, I would also make sure that the address isn't given out even for root when secure_level has been elevated.

}-- End of excerpt from Maxime Villard
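Review bot: the `else` branch that zeroes `ms_addr` and `ms_size` is only needed if the `ms` buffer is not already zero-filled; if it comes from `kmem_zalloc`, as the reply states, the two assignments are redundant and can be dropped, but if the allocation is ever changed to a non-zeroing one the zeroing must stay, because a stale address left in the struct handed back to userland would reintroduce exactly the leak this patch removes, so the choice should be made explicit in a comment at this hunk either way. The new condition `mod->mod_kobj != NULL && stataddr` also relies on a `stataddr` flag whose privilege check is computed outside this hunk; that check should be the single gate for the address fields, so the securelevel case raised in the reply can be folded into the computation of `stataddr` in one place rather than as a second test added here.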