Source-Changes-D archive
re: CVS commit: src/sys/kern
On Dec 4, 10:20am, mrg%eterna.com.au@localhost (matthew green) wrote:
-- Subject: re: CVS commit: src/sys/kern
| i just had an idea about a relatively simple hack to allow
| kvm tools to work sanely in kaslr space, even if they're not
| fully converted yet.
|
| a secmodel overlay that has a way to allow a uid/gid combo
| to retrieve the addresses, not just root, and then have that
| combo set to */kvm. then, kvm tools don't drop gid kvm until
| after doing sysctl.
|
| this would restrict the sysctls to gid kvm.
|
| we still would have to audit the tools to ensure they do not
| expose these addresses directly (ie, printf), but only use
| them internally, but until functional parity is achieved it
| would allow both security and usability today.
|
| just an idea..

We already have the hooks for that: In proc_listener_cb() one can
add to KAUTH_REQ_PROCESS_CANSEE_KPTR a credentials check based on
two new sysctls (kern.expose_address.uid, kern.expose_address.gid).
These can work as:
If kern.expose_address.enabled == 0, then nothing is allowed
If kern.expose_address.enabled == 1, then kern.expose_address.{uid,gid} are
consulted: if -1, all are allowed, else the euid/egid needs to match.
The changes to do this are trivial :-)
christos
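
The decision rule proposed in this message, modelled in user-space C as an added example (not code from the message or from NetBSD). The struct, function and macro names are hypothetical; it assumes uid and gid are checked independently with -1 as a wildcard and that both must pass, so the quoted "*/kvm" combo becomes uid = -1 plus a gid, and it treats any `enabled` value other than 1 as deny.

```c
#include <stdbool.h>
#include <stdio.h>

#define EXPOSE_ANY (-1L)   /* wildcard value described in the message */
#define GID_KVM    900L    /* constructed sample gid, not a real system value */

/* Hypothetical user-space model of the three proposed sysctls. */
struct expose_policy {
	int  enabled;  /* kern.expose_address.enabled */
	long uid;      /* kern.expose_address.uid */
	long gid;      /* kern.expose_address.gid */
};

/* -1 matches any id; otherwise the effective id must be equal. */
static bool id_matches(long want, long have)
{
	return want == EXPOSE_ANY || want == have;
}

/* Model of the credential check for KAUTH_REQ_PROCESS_CANSEE_KPTR. */
bool cansee_kptr(const struct expose_policy *p, long euid, long egid)
{
	/* Only 0 and 1 are defined in the message; anything but 1 denies. */
	if (p->enabled != 1)
		return false;
	/* Assumption: uid and gid are checked independently, both must pass. */
	return id_matches(p->uid, euid) && id_matches(p->gid, egid);
}

int main(void)
{
	const struct expose_policy off  = { 0, EXPOSE_ANY, EXPOSE_ANY };
	const struct expose_policy open = { 1, EXPOSE_ANY, EXPOSE_ANY };
	const struct expose_policy kvm  = { 1, EXPOSE_ANY, GID_KVM }; /* any uid, gid kvm */

	/* Constructed callers: euid 1000 with egid kvm, or with egid 100. */
	printf("disabled, egid kvm:        %d\n", cansee_kptr(&off, 1000, GID_KVM));
	printf("enabled, both -1:          %d\n", cansee_kptr(&open, 1000, 100));
	printf("any-uid/kvm, egid kvm:     %d\n", cansee_kptr(&kvm, 1000, GID_KVM));
	/* A tool that has already dropped gid kvm no longer passes the check. */
	printf("any-uid/kvm, egid dropped: %d\n", cansee_kptr(&kvm, 1000, 100));
	return 0;
}
```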