dev:md: A kernel address leakage in sys/dev/md/md.c

Mark Johnston markj at freebsd.org
Mon Jun 17 16:25:19 UTC 2019


On Thu, Jun 13, 2019 at 02:52:24PM +0800, Fuqian Huang wrote:
> In freebsd/sys/dev/md/md.c
> if the kernel is created with option MD_ROOT,
> g_md_init will call md_preload and use mfs_root as the image.
> In function md_preload, address of image will be printed out,
> in this case, the address of image is the address of a global object mfs_root.
> A kernel address leakage happens.

We have many such leaks.  For example, netstat and fstat will print
the kernel addresses of various structures.  We currently do not perform
any randomization of the kernel address space, so guessing is easy even
in the absence of these leaks.  In light of this I'm not sure it's worth
the churn to update individual printf()s. 
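
Added example, not part of either message and not FreeBSD project code: a small Python audit script that lists printf-family calls whose format string contains a `%p` conversion, which is how one would enumerate the individual printf()s discussed above. The list of function names scanned and the C sample (`demo_preload` and its arguments) are assumptions constructed for illustration, not code from md.c.

```python
import re

# printf-family calls to audit (assumed list; extend for your tree).
PRINTF_CALL = re.compile(r'\b(printf|device_printf|uprintf|log)\s*\(')
STRING_LIT = re.compile(r'"(?:\\.|[^"\\])*"')   # C string literal
PTR_CONV = re.compile(r'%[-+ #0]*\d*p')          # %p with flags/width

def call_text(src, start):
    """Text of the call whose '(' is at src[start]; parentheses inside
    string literals are skipped so they do not end the call early."""
    depth, i = 0, start
    while i < len(src):
        lit = STRING_LIT.match(src, i)
        if lit:
            i = lit.end()
            continue
        if src[i] == '(':
            depth += 1
        elif src[i] == ')':
            depth -= 1
            if depth == 0:
                return src[start:i + 1]
        i += 1
    return src[start:]  # unbalanced input: take the rest

def find_pointer_prints(src):
    """Return (line, function, format) for each call formatting with %p."""
    hits = []
    for m in PRINTF_CALL.finditer(src):
        # Join every literal in the call: covers formats split across
        # lines, at the cost of also matching literals passed as arguments.
        body = call_text(src, m.end() - 1)
        fmt = ''.join(s[1:-1] for s in STRING_LIT.findall(body))
        if PTR_CONV.search(fmt.replace('%%', '')):  # "%%" is a literal percent
            hits.append((src.count('\n', 0, m.start()) + 1, m.group(1), fmt))
    return hits

# Constructed sample; hypothetical code, not copied from md.c.
SAMPLE = r'''
static void
demo_preload(int unit, u_char *image, size_t length)
{
	printf("demo%d: image of %zu bytes at %p\n",
	    unit, length, image);
	printf("demo%d: %zu bytes, "
	    "100%% preloaded\n", unit, length);
	log(LOG_DEBUG, "demo%d: (image=%p)\n", unit, image);
}
'''

if __name__ == '__main__':
    for line, func, fmt in find_pointer_prints(SAMPLE):
        print(f'line {line}: {func}() prints a pointer: "{fmt}"')
```

The scan is textual, so it also reports calls inside C comments and cannot tell whether the pointer printed is a kernel address; treat the output as a review list.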

