Re: [PATCH 3/10] Fix leaking of kernel heap addresses in net/

Thomas Graf <tgraf@xxxxxxxxxxxxx> · Thu, 11 Nov 2010 20:20:39 -0500

On Thu, Nov 11, 2010 at 08:07:03PM -0500, Dan Rosenberg wrote:
> diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
> index 1f85ef2..0ac8ff2 100644
> --- a/net/ipv4/raw.c
> +++ b/net/ipv4/raw.c
> @@ -948,13 +948,26 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
>  	__u16 destp = 0,
>  	      srcp  = inet->inet_num;
>  
> -	seq_printf(seq, "%4d: %08X:%04X %08X:%04X"
> -		" %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d\n",
> -		i, src, srcp, dest, destp, sp->sk_state,
> -		sk_wmem_alloc_get(sp),
> -		sk_rmem_alloc_get(sp),
> -		0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
> -		atomic_read(&sp->sk_refcnt), sp, atomic_read(&sp->sk_drops));
> +	/* Only expose kernel addresses to privileged readers */
> +	if (capable(CAP_NET_ADMIN))
> +		seq_printf(seq, "%4d: %08X:%04X %08X:%04X"
> +			" %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d\n",
> +			i, src, srcp, dest, destp, sp->sk_state,
> +			sk_wmem_alloc_get(sp),
> +			sk_rmem_alloc_get(sp),
> +			0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
> +			atomic_read(&sp->sk_refcnt),
> +			sp, atomic_read(&sp->sk_drops));
> +	else
> +		seq_printf(seq, "%4d: %08X:%04X %08X:%04X"
> +			" %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %d %d\n",
> +			i, src, srcp, dest, destp, sp->sk_state,
> +			sk_wmem_alloc_get(sp),
> +			sk_rmem_alloc_get(sp),
> +			0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
> +			atomic_read(&sp->sk_refcnt),
> +			0, atomic_read(&sp->sk_drops));

If we really have to do this. At least don't duplicate all this code. Do
the check in the printf argument:

	seq_printf(seq, "%4d: %08X:%04X %08X:%04X"
		...
		capable(CAP_NET_ADMIN) ? sp : 0,

I would even move the decision whether to expose kernel addresses or not
to a function so we can change behavior in one place.
--
To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html