Skip to content

GitLab

Switch branch/tag
History Find file
Clone
module: Do not expose section addresses to non-CAP_SYSLOG
Kees Cook authored 
commit b25a7c5a

 upstream.

The printing of section addresses in /sys/module/*/sections/* was not
using the correct credentials to evaluate visibility.

Before:

 # cat /sys/module/*/sections/.*text
 0xffffffffc0458000
 ...
 # capsh --drop=CAP_SYSLOG -- -c "cat /sys/module/*/sections/.*text"
 0xffffffffc0458000
 ...

After:

 # cat /sys/module/*/sections/*.text
 0xffffffffc0458000
 ...
 # capsh --drop=CAP_SYSLOG -- -c "cat /sys/module/*/sections/.*text"
 0x0000000000000000
 ...

Additionally replaces the existing (safe) /proc/modules check with
file->f_cred for consistency.
Reported-by: default avatarDominik Czarnota <dominik.czarnota@trailofbits.com>
Fixes: be71eda5

 ("module: Fix display of wrong module .text address")
Cc: stable@vger.kernel.org
Tested-by: default avatarJessica Yu <jeyu@kernel.org>
Acked-by: default avatarJessica Yu <jeyu@kernel.org>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundati...
a82f3f8f
Name Last commit Last update
Documentation dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
LICENSES LICENSES: Rename other to deprecated
arch KVM: arm64: Fix kvm_reset_vcpu() return code being incorrect with SVE
block block: release bip in a right way in error path
certs .gitignore: add SPDX License Identifier
crypto crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
drivers IB/hfi1: Do not destroy link_wq when the device is shut down
fs io_uring: fix missing msg_name assignment
include kallsyms: Refactor kallsyms_show_value() to take cred
init Merge tag 'x86_urgent_for_v5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
ipc ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
kernel module: Do not expose section addresses to non-CAP_SYSLOG
lib test_objagg: Fix potential memory leak in error handling
mm mm/cma.c: use exact_nid true to fix possible per-numa cma leak
net netfilter: conntrack: refetch conntrack after nf_conntrack_update()
samples samples/vfs: avoid warning in statx override
scripts recordmcount: support >64k sections
security security: Fix hook iteration and default value for inode_copy_up_xattr
sound ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC
tools selftests: bpf: Fix detach from sockmap tests
usr kbuild: fix comment about missing include guard detection
virt KVM: arm64: vgic-v4: Plug race between non-residency and v4.1 doorbell
.clang-format clang-format: Update with the latest for_each macro list
.cocciconfig scripts: add Linux .cocciconfig for coccinelle
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile
README
README
Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.