Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys Don't return the address of the kernel modules if the us...
details: https://anonhg.NetBSD.org/src/rev/2a1d9ccd07c5
branches: trunk
changeset: 358829:2a1d9ccd07c5
user: maxv <maxv%NetBSD.org@localhost>
date: Thu Jan 18 13:31:20 2018 +0000
description:
Don't return the address of the kernel modules if the user is not
privileged. Discussed on tech-kern@.
diffstat:
sys/compat/netbsd32/netbsd32_module.c | 14 ++++++++++----
sys/kern/sys_module.c | 14 ++++++++++----
2 files changed, 20 insertions(+), 8 deletions(-)
diffs (98 lines):
diff -r eba0cad8229b -r 2a1d9ccd07c5 sys/compat/netbsd32/netbsd32_module.c
--- a/sys/compat/netbsd32/netbsd32_module.c Thu Jan 18 13:24:01 2018 +0000
+++ b/sys/compat/netbsd32/netbsd32_module.c Thu Jan 18 13:31:20 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_module.c,v 1.5 2017/06/01 02:45:08 chs Exp $ */
+/* $NetBSD: netbsd32_module.c,v 1.6 2018/01/18 13:31:21 maxv Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_module.c,v 1.5 2017/06/01 02:45:08 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_module.c,v 1.6 2018/01/18 13:31:21 maxv Exp $");
#include <sys/param.h>
#include <sys/dirent.h>
@@ -52,6 +52,12 @@
size_t size;
size_t mslen;
int error;
+ bool stataddr;
+
+ /* If not privileged, don't expose kernel addresses. */
+ error = kauth_authorize_system(kauth_cred_get(), KAUTH_SYSTEM_MODULE,
+ 0, (void *)(uintptr_t)MODCTL_STAT, NULL, NULL);
+ stataddr = (error == 0);
kernconfig_lock();
mslen = (module_count+module_builtinlist+1) * sizeof(modstat_t);
@@ -64,7 +70,7 @@
strlcpy(ms->ms_required, mi->mi_required,
sizeof(ms->ms_required));
}
- if (mod->mod_kobj != NULL) {
+ if (mod->mod_kobj != NULL && stataddr) {
kobj_stat(mod->mod_kobj, &addr, &size);
ms->ms_addr = addr;
ms->ms_size = size;
@@ -82,7 +88,7 @@
strlcpy(ms->ms_required, mi->mi_required,
sizeof(ms->ms_required));
}
- if (mod->mod_kobj != NULL) {
+ if (mod->mod_kobj != NULL && stataddr) {
kobj_stat(mod->mod_kobj, &addr, &size);
ms->ms_addr = addr;
ms->ms_size = size;
diff -r eba0cad8229b -r 2a1d9ccd07c5 sys/kern/sys_module.c
--- a/sys/kern/sys_module.c Thu Jan 18 13:24:01 2018 +0000
+++ b/sys/kern/sys_module.c Thu Jan 18 13:31:20 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_module.c,v 1.22 2017/06/01 02:45:13 chs Exp $ */
+/* $NetBSD: sys_module.c,v 1.23 2018/01/18 13:31:20 maxv Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_module.c,v 1.22 2017/06/01 02:45:13 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_module.c,v 1.23 2018/01/18 13:31:20 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_modular.h"
@@ -120,6 +120,12 @@
size_t size;
size_t mslen;
int error;
+ bool stataddr;
+
+ /* If not privileged, don't expose kernel addresses. */
+ error = kauth_authorize_system(kauth_cred_get(), KAUTH_SYSTEM_MODULE,
+ 0, (void *)(uintptr_t)MODCTL_STAT, NULL, NULL);
+ stataddr = (error == 0);
kernconfig_lock();
mslen = (module_count+module_builtinlist+1) * sizeof(modstat_t);
@@ -132,7 +138,7 @@
strlcpy(ms->ms_required, mi->mi_required,
sizeof(ms->ms_required));
}
- if (mod->mod_kobj != NULL) {
+ if (mod->mod_kobj != NULL && stataddr) {
kobj_stat(mod->mod_kobj, &addr, &size);
ms->ms_addr = addr;
ms->ms_size = size;
@@ -150,7 +156,7 @@
strlcpy(ms->ms_required, mi->mi_required,
sizeof(ms->ms_required));
}
- if (mod->mod_kobj != NULL) {
+ if (mod->mod_kobj != NULL && stataddr) {
kobj_stat(mod->mod_kobj, &addr, &size);
ms->ms_addr = addr;
ms->ms_size = size;
Home |
Main Index |
Thread Index |
Old Index