Date: Mon, 17 Jun 2019 17:23:43 -0700
From: Nathan Whitehorn <nwhitehorn@freebsd.org>
To: freebsd-hackers@freebsd.org
Subject: Re: dev:md: A kernel address leakage in sys/dev/md/md.c
Message-ID: <95db8d0d-5434-b2e0-c09b-55a9e2a41038@freebsd.org>
In-Reply-To: <20190617162514.GC64731@raichu>
References: <CABXRUiSGuH-dLX3mJhmMTfm4qs%2BYsnCTimQkh=uxuaA8=U0Xcg@mail.gmail.com> <20190617162514.GC64731@raichu>

On 2019-06-17 09:25, Mark Johnston wrote:
> On Thu, Jun 13, 2019 at 02:52:24PM +0800, Fuqian Huang wrote:
>> In freebsd/sys/dev/md/md.c
>> if the kernel is created with option MD_ROOT,
>> g_md_init will call md_preload and use mfs_root as the image.
>> In function md_preload, address of image will be printed out,
>> in this case, the address of image is the address of a global object mfs_root.
>> A kernel address leakage happens.
> We have many such leaks. For example, netstat and fstat will print
> the kernel addresses of various structures. We currently do not perform
> any randomization of the kernel address space, so guessing is easy even
> in the absence of these leaks. In light of this I'm not sure it's worth
> the churn to update individual printf()s.

We do on some lower-tier platforms. On PowerNV, for instance, the kernel
will end up at a hard-to-predict address. I agree with the general
point, though.
-Nathan