dev:md: A kernel address leakage in sys/dev/md/md.c

Warner Losh imp at bsdimp.com
Mon Jun 17 17:25:05 UTC 2019


On Mon, Jun 17, 2019, 9:26 AM Mark Johnston <markj at freebsd.org> wrote:

> On Thu, Jun 13, 2019 at 02:52:24PM +0800, Fuqian Huang wrote:
> > In freebsd/sys/dev/md/md.c
> > if the kernel is created with option MD_ROOT,
> > g_md_init will call md_preload and use mfs_root as the image.
> > In function md_preload, address of image will be printed out,
> > in this case, the address of image is the address of a global object mfs_root.
> > A kernel address leakage happens.
>
> We have many such leaks.  For example, netstat and fstat will print
> the kernel addresses of various structures.  We currently do not perform
> any randomization of the kernel address space, so guessing is easy even
> in the absence of these leaks.  In light of this I'm not sure it's worth
> the churn to update individual printf()s.
>

If we are serious about this, we'd just implement %p so we can turn it off
for cases that matter. Since we can turn off dmesg already, I'm not worried
about these for people running a randomized kernel: they can preclude this
disclosure today.

Warner
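
Added example, not part of the thread and not FreeBSD code: a user-space C sketch of the idea discussed above, where %p is resolved inside one formatter behind a switch so that call sites such as the md preload message need no individual changes. The knob `hide_pointers`, the function `log_format` and the message text are hypothetical names and constructed sample data.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical knob standing in for a sysctl/tunable; not a FreeBSD name. */
static bool hide_pointers = true;
/* Minimal formatter for %s, %zu and %p; out is always NUL-terminated. */
static size_t
log_format(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    size_t n = 0;
    char tmp[32];
    if (len == 0)
        return (0);
    va_start(ap, fmt);
    for (; *fmt != '\0' && n + 1 < len; fmt++) {
        const char *s = tmp;
        if (*fmt != '%') {
            out[n++] = *fmt;
            continue;
        }
        fmt++;
        if (*fmt == 's') {
            s = va_arg(ap, const char *);
        } else if (*fmt == 'z' && fmt[1] == 'u') {
            fmt++;
            snprintf(tmp, sizeof(tmp), "%zu", va_arg(ap, size_t));
        } else if (*fmt == 'p') {   /* the one place %p is resolved */
            snprintf(tmp, sizeof(tmp), "%p", va_arg(ap, void *));
            if (hide_pointers)
                s = "(hidden)";
        } else {
            break;  /* unsupported or truncated conversion */
        }
        while (s != NULL && *s != '\0' && n + 1 < len)
            out[n++] = *s++;
    }
    va_end(ap);
    out[n] = '\0';
    return (n);
}

int main(void)
{
    char buf[128];  /* constructed message, not the md.c format string */
    log_format(buf, sizeof(buf), "md0: <%s> %zu bytes at %p\n", "mfs_root", sizeof(buf), (void *)buf);
    return (fputs(buf, stdout) == EOF);
}
```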



More information about the freebsd-hackers mailing list