modstat and kaslr

To: tech-kern%NetBSD.org@localhost
Subject: modstat and kaslr
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Sun, 31 Dec 2017 17:11:02 +0100

Hi,
Here is a patch [1] that hides the addresses of the kernel modules when
'modstat -k' is entered by an unprivileged user. The current behavior is
preserved for root.

The addresses currently leaked cannot be used to reconstruct the layout of
the kernel, since the module VAs are embedded in bootspace.boot, whose location
is independent from that of each of the remaining kernel segments.

But it's still good not to leak such information, to limit the surface for ROP
and a few other things, and this, also in the non-kaslr case. Ok?

[1] http://m00nbsd.net/garbage/module/modstat.diff

Follow-Ups:
- re: modstat and kaslr
  - From: matthew green
- Re: modstat and kaslr
  - From: John Nemeth
- Re: modstat and kaslr
  - From: Christos Zoulas

Prev by Date: Re: CVS commit: src/sys/dev/acpi
Next by Date: Re: modstat and kaslr
Previous by Thread: Re: CVS commit: src/sys/dev/acpi
Next by Thread: Re: modstat and kaslr
Indexes:

Home | Main Index | Thread Index | Old Index