Date: Mon, 17 Jun 2019 10:24:50 -0700
From: Warner Losh <imp@bsdimp.com>
To: Mark Johnston <markj@freebsd.org>
Cc: Fuqian Huang <huangfq.daxian@gmail.com>, FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: dev:md: A kernel address leakage in sys/dev/md/md.c
Message-ID: <CANCZdfrK2V9AEzeib8GV=26YUVV8qFweRbvmbCe%2BEZQBaz2hJQ@mail.gmail.com>
In-Reply-To: <20190617162514.GC64731@raichu>
References: <CABXRUiSGuH-dLX3mJhmMTfm4qs%2BYsnCTimQkh=uxuaA8=U0Xcg@mail.gmail.com> <20190617162514.GC64731@raichu>

On Mon, Jun 17, 2019, 9:26 AM Mark Johnston <markj@freebsd.org> wrote:

> On Thu, Jun 13, 2019 at 02:52:24PM +0800, Fuqian Huang wrote:
> > In freebsd/sys/dev/md/md.c
> > if the kernel is created with option MD_ROOT,
> > g_md_init will call md_preload and use mfs_root as the image.
> > In function md_preload, address of image will be printed out,
> > in this case, the address of image is the address of a global object mfs_root.
> > A kernel address leakage happens.
>
> We have many such leaks. For example, netstat and fstat will print
> the kernel addresses of various structures. We currently do not perform
> any randomization of the kernel address space, so guessing is easy even
> in the absence of these leaks. In light of this I'm not sure it's worth
> the churn to update individual printf()s.
>

If we are serious about this, we'd just implement %p so we can turn it off
for cases that matter. Since we can turn off dmesg already, I'm not worried
about these for people running a randomized kernel: they can preclude this
disclosure today.

Warner