Date: Mon, 17 Jun 2019 12:25:14 -0400
From: Mark Johnston <markj@freebsd.org>
To: Fuqian Huang <huangfq.daxian@gmail.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: dev:md: A kernel address leakage in sys/dev/md/md.c
Message-ID: <20190617162514.GC64731@raichu>
In-Reply-To: <CABXRUiSGuH-dLX3mJhmMTfm4qs%2BYsnCTimQkh=uxuaA8=U0Xcg@mail.gmail.com>
References: <CABXRUiSGuH-dLX3mJhmMTfm4qs%2BYsnCTimQkh=uxuaA8=U0Xcg@mail.gmail.com>

On Thu, Jun 13, 2019 at 02:52:24PM +0800, Fuqian Huang wrote:
> In freebsd/sys/dev/md/md.c
> if the kernel is created with option MD_ROOT,
> g_md_init will call md_preload and use mfs_root as the image.
> In function md_preload, address of image will be printed out,
> in this case, the address of image is the address of a global object mfs_root.
> A kernel address leakage happens.

We have many such leaks. For example, netstat and fstat will print the
kernel addresses of various structures. We currently do not perform any
randomization of the kernel address space, so guessing is easy even in
the absence of these leaks. In light of this I'm not sure it's worth
the churn to update individual printf()s.